// Trust & Security Report
Drip Global, Inc. (acquired by Leadpages)
Email and SMS marketing automation platform for ecommerce brands, featuring AI-powered segmentation, predictive analytics, automated workflows, and revenue attribution.
Certifications held
3
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on drip.com“Drip has certified to the Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles”
Verify on drip.com“Drip has certified to the Department of Commerce that they adhere to the UK Extension to the EU-U.S. Data Privacy Framework”
Verify on drip.com“Drip has certified to the Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles”
> Show 4 unconfirmed / not-held certifications
source: help.drip.comGDPR is a regulation, not a certification. Drip acts as a data Processor and provides a Data Processing Addendum with Standard Contractual Clauses for international transfers, but personal data is stored in the US and Drip does not claim full technical GDPR compliance. No verified vendor statement of complete GDPR compliance.
source: help.drip.comDrip is not HIPAA compliant and does not provide the encryption and security level required to become HIPAA compliant. Their email sending provider, SendGrid, is not HIPAA compliant and does not natively support HIPAA compliant data transmission.
No public evidence of SOC 2 certification found on Drip's website or trust documentation.
No public evidence of ISO 27001 certification found on Drip's website or trust documentation.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
United States
Drip uses machine learning for predictive segmentation, win probability prediction, and personalized recommendations based on customer purchase and browsing history. No explicit disclosure found regarding whether customer email lists are used to train or improve ML models. Customer data is processed for personalization and analytics but training policy on customer data is not publicly documented.
// Security controls
Organizational Measures
Appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, change or damage
drip.comData Subject Rights Response
Responds to GDPR data subject rights requests within 30 days
help.drip.comEmail Authentication
Supports DMARC, SPF, and DKIM for email authentication and security
help.drip.com// Products & data scope
data: Customer email lists, engagement history, purchase data
Primary product offering with template-based campaigns and automated workflows
data: Customer phone numbers, SMS engagement history
TCPA and CTIA compliant with quiet hours enforcement
data: Behavior-triggered workflows based on purchase, browse, and engagement events
Behavior-based segmentation and automated sequences
data: Customer purchase history, browsing behavior, engagement patterns
AI-powered win probability prediction and churn risk identification
// What to watch
- GDPR posture is 'spirit of compliance' due to US data storage, not full technical compliance
- No SOC 2 Type II or ISO 27001 certification despite handling sensitive customer email data and being a growth-stage company
- No dedicated security or trust center page; compliance info scattered across help center
- HIPAA not supported, limiting use cases in healthcare and regulated industries
- Data stored in US only, may not meet residency requirements for some jurisdictions
- AI/ML model training policy on customer data not clearly disclosed publicly
- SendGrid (email provider) is SOC 2 certified but Drip itself is not
- No mention of penetration testing, vulnerability disclosure program, or security audits
// At a glance
Pricing model
Per-subscriber plus email volume; starts with free 14-day trial
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Drip Global, Inc. (acquired by Leadpages)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
drip.com