Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Make

VERIFIED
Email marketing · Norway
Founded 2009 · make.as ↗

Oslo-based Norwegian email and SMS marketing platform storing customer data on Norwegian servers, with an official 'Made in Norway' label.

In short

Make, in the Email marketing category, is a European service with Norway as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

Norwegian AS (Make AS, Oslo; org NO 993555002, founded 2009) that stores customer subscriber and email data on Norwegian servers and markets an official 'Made in Norway' label — Norway is in the EEA so GDPR applies directly and there is no EU↔NO transfer problem. But the privacy policy names US-owned operational sub-processors (Intercom for support/chat, Google Workspace for internal documents) alongside EU ones (Pipedrive EE, 24Seven Office NO, Posten Bring NO, StatusCake UK); these touch support and internal ops rather than subscriber data at rest, holding CLOUD Act exposure to the minor tier. No public Data Processing Agreement (provided only inside the contracting flow) and no public security certification (ISO 27001 etc.) cap the editorial score at 3/5 despite a clean Norwegian-hosting and Norwegian-ownership story.

CLOUD ACT
OWNERSHIP
SUB-PROCS
0 none disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Make

Make is a Norwegian email-marketing, SMS-marketing, and automation platform operated by Make AS (Sandakerveien 116, 0484 Oslo; org. NO 993555002), founded on 4 February 2009 and a newsletter partner to Norwegian businesses ever since. It serves around 1,700 private and public-sector customers — including names like NRK — and positions its Norwegian identity as its core differentiator: personal Norwegian-language support, local presence, and the official "Made in Norway" label. Note this is the Norwegian ESP Make AS, not the US automation tool make.com (Celonis).

For an EU/EEA-sovereignty audit Make presents a clean nominal hosting story: the company states that all customer personal data is stored and transmitted from Norwegian servers and IP addresses, fully within EEA jurisdiction where GDPR applies directly. The named sub-processors in the privacy statement are a mix — Pipedrive (EE) for CRM, 24Seven Office (NO) for accounting, Posten/Bring (NO) for digital signing, StatusCake (UK) for monitoring, and two US-owned tools, Intercom (support/chat) and Google Workspace (internal document management). These US tools are scoped to support and internal operations rather than to subscriber data at rest, which keeps CLOUD Act exposure in the minor tier. The weak points for procurement-grade buyers are transparency: there is no publicly downloadable DPA (databehandleravtale) and no publicly attested security certification such as ISO 27001 — the "Made in Norway" mark is a country-of-origin trust label, not an information-security audit.

Pricing is in NOK and aimed at the Norwegian SMB/enterprise market: Standard at 850 NOK/month (€73, 1,000 contacts, 4,000 emails, 3 users, one training hour), Pro at 1,150 NOK/month (€98, 10,000 emails, 10 users, unlimited segmentation/automation), and a custom Enterprise tier; SMS is billed separately, plans are billed annually in advance, and there is a 30-day demo but no permanent free tier. Distribution is via a reseller partner programme rather than a public affiliate scheme with a tracking cookie. Best fit: Norwegian and EEA buyers who want a Norway-resident newsletter and SMS tool with Norwegian-language support and an unambiguous "data stays in Norway" answer, and who don't require a self-serve DPA, ISO 27001 evidence, or English product localization. Buyers needing a public DPA or ISO 27001 should look at rapidmail, CleverReach, or Maileon in this category.

SUB-PROCESSORS

Sub-processor map · none disclosed

Source ↗
Vendor discloses zero sub-processors. All data processing happens in-house.
CERTIFICATIONS

Frameworks & certifications · none listed

We checked the vendor's website and standard certification body registries. No active certifications found at the time of last audit (2026-06-12).
FEATURES

Capability matrix

Automation Yes
Landing pages No
A/B testing No
Transactional email Yes
SMS marketing Yes
Built-in CRM No
Free tier No
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) No
COMPLIANCE & GOVERNANCE
Audit log No
Self-host / on-prem option No
PRICING

Pricing & tiers

PAID
from €73/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this is recorded as no public DPA (see How we assess).
  • Data Processing Addendum (DPA)
    — missing
    missing
  • Sub-processors list
    make.as/personvern…
    Open ↗
ALTERNATIVES

Alternatives in this category

Brevo
France · Founded 2012
EU-HOSTED

Paris-headquartered multi-channel customer-engagement platform with email, SMS, CRM, automation, ISO 27001 and a public DPA.

Public DPA Sub-processors Open source
FROM
€8/mo
CLOUD ACT
MATERIAL
View profile →
CleverReach
Germany · Founded 2007
EU-HOSTED

German email marketing platform with EU-only customer data storage in Germany and a permanently free Lite tier.

Public DPA Sub-processors Open source
FROM
€15/mo
CLOUD ACT
MATERIAL
View profile →
EmailOctopus
United Kingdom · Founded 2014
EU-HOSTED

London-based low-cost email marketing (Three Hearts Digital, 2014), generous free tier, indie-friendly, Amazon SES-backbone.

Public DPA Sub-processors Open source
FROM
€0/mo
CLOUD ACT
MATERIAL
View profile →
See all email marketing alternatives →