Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Inxmail

VERIFIED
Email marketing · Germany
Founded 1999 · inxmail.de ↗

Freiburg-based premium German enterprise email marketing platform with ISO 27001 (TÜV Rheinland) and EU-only hosting.

In short

Inxmail, in the Email marketing category, is a European service with Germany as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

Freiburg-based GmbH with EU-only hosting, ISO 27001 certified by TÜV Rheinland, SCC for the small US sub-processor footprint that exists for marketing-site analytics, and 'Software Made in Germany' designation: EU-owned and EU-hosted with minor CLOUD Act exposure, but no publicly-linked DPA or sub-processors document (enterprise sales model gates these documents to the contracting flow).

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Inxmail

Inxmail is a Freiburg-headquartered German email marketing platform operated by Inxmail GmbH (Wentzingerstr. 17, 79106 Freiburg im Breisgau), founded in 1999 and one of the longest-running independent ESPs in DACH. The product is positioned as a premium enterprise solution for media and publishing, energy utilities, banking and insurance, and retail/e-commerce, with a modular platform covering newsletter campaigns, marketing automation, transactional / trigger-based emails, and an SMTP Mail Relay. Inxmail reports more than 2,000 corporate customers.

The compliance posture is strong on the technical side: customer data is hosted exclusively on EU servers, the company is ISO 27001-certified by TÜV Rheinland (first issued 2020) for development and operation of its email marketing applications, and it carries the "Software Made in Germany" industry seal. The privacy policy notes that any transatlantic transfers (e.g. for Google Analytics or LinkedIn marketing pixels on the corporate website) are covered by Standard Contractual Clauses; the external Data Protection Officer is DDSK GmbH. Where Inxmail is weaker for a procurement-grade assessment is transparency: the dedicated DPA (AVV), security, and sub-processor pages were not publicly resolvable at audit time, and pricing is enterprise-only on a sales-contact basis, so small EU buyers cannot self-serve a copy of the DPA; the absence of a public DPA and sub-processors disclosure is the primary gap in an otherwise solid EU-hosted, EU-owned, ISO 27001-certified profile.

Pricing is custom: per the public prices page, fees cover hosting, administration, deliverability team, and monthly user support, scaling with email volume; no public price tier or freemium is advertised. Best fit: mid-market and enterprise marketers in DACH (publishers, utilities, financial services) who want a long-running independent German vendor, ISO 27001 attestation, and white-glove deliverability support, and are comfortable with sales-mediated procurement. Buyers who need a freemium entry tier or self-serve DPA download should look at CleverReach or rapidmail in this category.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Automation Yes
Landing pages No
A/B testing Yes
Transactional email Yes
SMS marketing No
Built-in CRM No
Dedicated IP Yes
Free tier No
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
Custom pricing

Contact vendor for tier or volume pricing.

View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement. This is recorded as no public DPA (see How we assess).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

Brevo
France · Founded 2012
EU-HOSTED

Paris-headquartered multi-channel customer-engagement platform with email, SMS, CRM, automation, ISO 27001 and a public DPA.

Public DPA Sub-processors Open source
FROM
€8/mo
CLOUD ACT
MATERIAL
CleverReach
Germany · Founded 2007
EU-HOSTED

German email marketing platform with EU-only customer data storage in Germany and a permanently free Lite tier.

Public DPA Sub-processors Open source
FROM
€15/mo
CLOUD ACT
MATERIAL
EmailOctopus
United Kingdom · Founded 2014
EU-HOSTED

London-based low-cost email marketing (Three Hearts Digital, 2014), generous free tier, indie-friendly, Amazon SES-backbone.

Public DPA Sub-processors Open source
FROM
€0/mo
CLOUD ACT
MATERIAL