Security-Minded features from Emma

At CM Group, we’re committed to keeping Emma a safe and trusted application through our ongoing investment in security and reliability.

Our product teams work hard to deliver a range of features and product enhancements focused specifically on data privacy and security. And while some of the following security measures have previously been in place, your account needs can change and you may have brought on new users since you first started with Emma. With that in mind, consider the following a fresh reminder of how Emma works alongside you to keep your account secure:

Use reCAPTCHA on signup forms

Say goodbye to spambots! Whether you’re using Emma's signup and Lightbox forms, or a third-party hosted form, Google’s reCAPTCHA service adds an extra layer of security. Implementing reCAPTCHA forms shows a huge reduction in spambot attacks and blocklisting, improves deliverability, and is essential in GDPR compliance.

Note: When reCAPTCHA is enabled for your form, the option to "Use a Javascript object" will not be available. In order to use Javascript, you will need to deselect the "Enable reCAPTCHA" checkbox in the "About this signup form" section at the top of the form customization page. To learn more about reCAPTCHA and removing spambot signups, visit our Support Hub.

Two-step verification

Two-step verification (also known as two-factor authentication) adds an extra security step in your login process. As soon as you log in to your Emma account with your username and password, an additional code is sent to an authenticator app on your phone that’s required to successfully log in. This minimal extra step goes a long way to provide a safe and secure account and is one we strongly recommend. You can learn more about setting up two-factor authentication on our Support Hub.

Single Sign-On (SSO)

Similar to two-step verification, Emma HQ accounts can add Single Sign-On (SSO) to their account. Through SSO, you seamlessly connect Emma with your organization, requiring only a single set of login credentials across multiple apps. Through this connection, your account reduces the risk of bad password habits from individual users, while also improving the adoption of company-promoted apps that are readily available from one place. 

Subscriber permission

Under the GDPR, obtaining permission requires that any processing be done with lawful purpose. Of the options outlined by the regulation, permission is best suited to marketers and their subscribers. Our subscriber-related features are up-to-date to take into account how GDPR has updated the definition and practical application of getting that permission.

Now, you can ask for permission right from your lightbox and signup forms. You’ll also be able to link to your privacy and cookie policies if you have them, directly from the form. Existing subscribers can change their own permission and subscription settings in their preference center, providing you enable the option to do so. For more information on our commitment to be GDPR-compliant, visit our Trust Center.

Extending the security of our API

Our API provides you with the flexibility to adapt Emma to suit your specific needs. To protect your data, we have always protected API access with either OAuth or an API key authentication to prevent any unwanted access. To further protect your data, we have steps in place to strengthen the security of Emma's API key format and allow customers to easily update their own API key.

Wrap up

The majority of these updates are available to all Emma customers (with the exception of SSO support which requires Emma HQ) and they’re built to heighten account and data security and help you gather consent from your subscribers, ultimately providing a more secure email experience from signup to send. For more information, feel free to contact our team.


Want to engage your audience and grow your brand? Try Emma's robust easy-to-use product today.