// Trust & Security Report

    Drip Global, Inc. (acquired by Leadpages) logo

    Drip Global, Inc. (acquired by Leadpages)

    Email and SMS marketing automation platform for ecommerce brands, featuring AI-powered segmentation, predictive analytics, automated workflows, and revenue attribution.

    Certifications held

    3

    Maturity

    Growth

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    EU-U.S. Data Privacy Framework (DPF)
    HELD

    Drip has certified to the Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles

    Verify on drip.com
    UK Extension to EU-U.S. Data Privacy Framework
    HELD

    Drip has certified to the Department of Commerce that they adhere to the UK Extension to the EU-U.S. Data Privacy Framework

    Verify on drip.com
    Swiss-U.S. Data Privacy Framework
    HELD

    Drip has certified to the Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles

    Verify on drip.com
    > Show 4 unconfirmed / not-held certifications
    GDPR Compliance
    NOT CONFIRMED

    GDPR is a regulation, not a certification. Drip acts as a data Processor and provides a Data Processing Addendum with Standard Contractual Clauses for international transfers, but personal data is stored in the US and Drip does not claim full technical GDPR compliance. No verified vendor statement of complete GDPR compliance.

    source: help.drip.com
    HIPAA Compliance
    NOT CONFIRMED

    Drip is not HIPAA compliant and does not provide the encryption and security level required to become HIPAA compliant. Their email sending provider, SendGrid, is not HIPAA compliant and does not natively support HIPAA compliant data transmission.

    source: help.drip.com
    SOC 2 Type II
    NOT CONFIRMED

    No public evidence of SOC 2 certification found on Drip's website or trust documentation.

    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found on Drip's website or trust documentation.

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    United States

    Drip uses machine learning for predictive segmentation, win probability prediction, and personalized recommendations based on customer purchase and browsing history. No explicit disclosure found regarding whether customer email lists are used to train or improve ML models. Customer data is processed for personalization and analytics but training policy on customer data is not publicly documented.

    // Security controls

    Encryption in Transit

    SSL encryption technology for all electronic transactions

    drip.com

    Data Storage

    All personal information stored on secure servers in the United States

    drip.com

    Organizational Measures

    Appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, change or damage

    drip.com

    Data Subject Rights Response

    Responds to GDPR data subject rights requests within 30 days

    help.drip.com

    Email Authentication

    Supports DMARC, SPF, and DKIM for email authentication and security

    help.drip.com

    // Products & data scope

    Email MarketingCore Platform

    data: Customer email lists, engagement history, purchase data

    Primary product offering with template-based campaigns and automated workflows

    SMS MarketingMessaging

    data: Customer phone numbers, SMS engagement history

    TCPA and CTIA compliant with quiet hours enforcement

    Automation & WorkflowsCore Platform

    data: Behavior-triggered workflows based on purchase, browse, and engagement events

    Behavior-based segmentation and automated sequences

    Predictive AnalyticsAnalytics

    data: Customer purchase history, browsing behavior, engagement patterns

    AI-powered win probability prediction and churn risk identification

    // What to watch

    • GDPR posture is 'spirit of compliance' due to US data storage, not full technical compliance
    • No SOC 2 Type II or ISO 27001 certification despite handling sensitive customer email data and being a growth-stage company
    • No dedicated security or trust center page; compliance info scattered across help center
    • HIPAA not supported, limiting use cases in healthcare and regulated industries
    • Data stored in US only, may not meet residency requirements for some jurisdictions
    • AI/ML model training policy on customer data not clearly disclosed publicly
    • SendGrid (email provider) is SOC 2 certified but Drip itself is not
    • No mention of penetration testing, vulnerability disclosure program, or security audits

    // At a glance

    Pricing model

    Per-subscriber plus email volume; starts with free 14-day trial

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Drip Global, Inc. (acquired by Leadpages)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    drip.com

    > Browse all vendor trust reports