REST API

Developer portal ›

SecuMailer has a REST API for sending secure emails. Both the GDPR and the NTA 7516 functionality are fully accessible via this API.

The API is documented with OpenAPI specification 3.0.1.

The REST API has webhook functionality, which means that the SecuMailer platform can communicate email events with an HTTPS endpoint of the sender.

SMTP API

The SMTP API is usually the simplest integration option for many backend applications because backend applications often have a provision for an SMTP client on board.

We have successfully integrated for customers with Salesforce, SAP and Centric. We have also successfully integrated with patient file systems such as Medisoft Dossier Manager.

GraphQL API

The SecuMailer platform offers insight into email events. This can be done on the basis of a (push) webhook call (see REST API above) and on the basis of a (pull) GraphQL endpoint.

Get a Demo

Name(Required)

Contact Sales

Your Name(Required)

About Secumailer

Secure email that simply works.

Get a Demo
Contact us
Quarantine mail

Who we are

SecuMailer was founded in 2017 with a simple but powerful idea: protecting privacy-sensitive data with secure email shouldn’t be a hassle. From our headquarters in Lelystad, The Netherlands, we have grown into a trusted SaaS provider for secure communication, serving organizations across government, healthcare, legal, finance, housing corporations, municipalities, and professional services.

Our mission

We believe that emailsecurity should never get in the way of people doing their jobs. That is why we design email security that is always there, always on, and never a burden. Employees don’t have to make extra choices, recipients don’t have to jump through hoops, and IT departments don’t have to manage complex infrastructures. Security is guaranteed in the background, so email simply works, safely.

Our approach

Unlike solutions that rely on awareness or user actions, SecuMailer is loved precisely because it doesn’t create friction. We remove complexity for employees, minimize overhead for IT, and keep communication smooth for recipients, without compromising on compliance or safety. This combination of usability, security, and simplicity is what defines our vision for the future of digital communication.

Data sovereignty

At SecuMailer, we believe organizations should remain in full control of their own data. Our solution is designed with European data protection standards at its core, ensuring that sensitive information stays within Europe and under your control. This approach means data is never handed over to foreign providers, and compliance with GDPR and national regulations is always guaranteed.

Trusted by many

Today, organizations in highly regulated environments trust SecuMailer to protect sensitive data while keeping work easy. From hospitals safeguarding patient records to municipalities communicating with citizens, SecuMailer enables secure digital communication without the frustration.

Why Choose Secumailer

SecuMailer keeps your data safe, your organization compliant and your users happy without any trade-offs.

Secure email without compromises
Organizations today are required to protect their most valuable asset: sensitive data. The question is no longer whether email should be secured, but how to do so while staying compliant with strict standards such as GDPR, NTA 7516 and eIDAS, without making daily work more complicated. Many solutions make secure email feel like a compromise. They rely on user awareness, placing the responsibility for security on employees who already have other priorities. On top of that, they introduce extra steps, deliver messages through portals, and ask recipients to log in again and again. The result is irritation, and large amounts of sensitive data being stored in places no one really wants.

SecuMailer takes that frustration away.
We shift the responsibility for email security from individual employees to the organization itself. Security is enforced through predefined transport rules, so users can simply send mail as they normally would do. Messages are delivered securely and directly into the recipient’s inbox. Authentication is only requested when required, while meeting the highest security standards. Once a message has been delivered, it is wiped from our servers, just as a postman who delivers a letter no longer holds on to it. This reduces exposure and supports true data minimization.

With SecuMailer, organizations achieve compliance without burdening their people. With SecuMailer users experience secure email as easy as ever, recipients get their messages where they expect them, and IT maintains workplaces without unnecessary complexity. The result is what secure email should always have been: simple, compliant, and safe, without compromises.

Why Secumailer
  • What we don’t store can’t be leaked: messages are never kept longer than needed.
  • Call, email or log a ticket, no barriers, no phone trees, just help when you need it.
  • We meet the highest European standards: ISO 27001, NEN 7510, eIDAS, ECSO and ISAE 3000 SOC Type II.
  • Rated 9.2 by our users because secure email shouldn’t be frustrating.
  • Recognised as a European cybersecurity solution supporting digital sovereignty.

Team & Leadership

Working at SecuMailer
 Behind SecuMailer is a team of specialists with one clear focus: making secure communication easy. Each colleague brings deep expertise in security, compliance, and digital communication. Together, we make sure our service remains both highly secure and simple to use. At SecuMailer you will always speak directly to one of us, no call centers, no layers in between. We work with short lines, know each other and our customers personally, and take responsibility for clear and timely answers. This way, organizations can rely not only on our technology, but also on the people behind it.

What Defines Us
Trust, professionalism, and personal attention are at the heart of how we work. Customers value that combination: expert support when it matters, and the certainty that there is always a committed team behind the service. Our specialists also hold internationally recognized certifications such as CIPP/E, CIPM, and ISSAP, underlining our expertise in privacy, compliance, and security.

Leadership at SecuMailer


 Strong leadership defines SecuMailer’s vision: secure email that is compliant and effortless. Our founders bring together deep expertise in technology, compliance, and organizational change. With their combined backgrounds, they ensure SecuMailer delivers a trusted solution that meets the highest European standards while keeping email easy for everyone.

Yvonne Hoogendoorn - CEO

Yvonne Hoogendoorn

CEO & Co-founder | CIPP/E

Yvonne Hoogendoorn believes that digital security only works when it is easy to use. With a background in sociology and computer science, she has built her career at the intersection of technology, people, and organizational change. Before founding SecuMailer, she held leadership roles in IT consultancy and environmental services, where she successfully negotiated international agreements. For the past eleven years, Yvonne has specialized in digital security and privacy. As one of the initiators of the Dutch standard NTA 7516 for secure email in healthcare, she worked closely with the Ministry of Health (VWS) and remains involved in shaping updated European standards such as NEN 7516. Her expertise in privacy regulation, combined with her focus on usability, positions her as a trusted voice in how organizations across Europe adopt secure communication.For the past eleven years, Yvonne has specialized in digital security and privacy. As one of the initiators of the Dutch standard NTA 7516 for secure email in healthcare, she worked closely with the Ministry of Health (VWS) and remains involved in shaping updated European standards such as NEN 7516. Her expertise in privacy regulation, combined with her focus on usability, positions her as a trusted voice in how organizations across Europe adopt secure communication.

Meint Post

COO & Co-founder | CISSP ISSAP

Meint Post is the technical co-founder of SecuMailer and the architect behind its secure email platform. He holds the CISSP ISSAP certification, an internationally recognized credential for advanced security architecture, highlighting his expertise in designing secure communication systems. With over 20 years of experience in IT architecture and security, Meint has designed and delivered online banking platforms and enterprise security solutions for some of Europe’s largest financial institutions. His background in cryptography, eIDAS and cloud-native architecture ensures that compliance and usability go hand in hand. Under his technical leadership, SecuMailer combines uncompromising security with the simplicity organizations need to work without friction.

Compliance, built-in / Compliance & governance

SecuMailer complies with leading international standards in information security, privacy, and compliance. Independent audits and certifications demonstrate that our service not only meets, but actively supports organizations in achieving their regulatory obligations.

For transparency, our certifications can be made available to customers and partners upon request.

ISO 27001
SecuMailer is ISO 27001 certified, the international standard for information security management systems. This certification demonstrates that we apply rigorous controls to protect sensitive information, continuously assess risks, and follow best practices to keep data secure and compliant.

NEN 7510
SecuMailer is certified to NEN 7510, the Dutch standard for information security in healthcare. This certification ensures that medical and patient information is handled according to strict national requirements, giving healthcare organizations confidence in secure digital communication.

ISAE 3000 / SOC 2 Type II
SecuMailer has successfully completed ISAE 3000 / SOC 2 Type II assurance, an independent audit that verifies the design and effectiveness of our internal controls. This provides our customers with proof that we meet strict criteria for security, availability, and privacy on an ongoing basis.

eIDAS (EU Trusted service provider)
SecuMailer is listed under the European eIDAS regulation as a qualified Electronic Registered Delivery Service (qERDS) and qualified Registered Electronic Mail Service (qREMS). This recognition confirms that our service meets the highest EU standards for trusted electronic communication and is included in the official EU Trusted List.

ECSO Label of Trustworthiness
SecuMailer is recognized with the ECSO Label of Trustworthiness, issued by the European Cyber Security Organisation (ECSO). This label distinguishes European-owned cybersecurity companies that are fully based in Europe, compliant with GDPR, and aligned with ENISA’s baseline security requirements. It confirms our commitment to European values of privacy and data sovereignty, and strengthens our visibility among partners and customers as a trusted European provider of secure email.

ISO_27001
SOC2
NEN 7510
NTA
ECSO

Want to see how SecuMailer can work for your organization?

Book a personal demo or speak directly with our team.

We’ll walk you through the solution, answer your questions, and show you how easy secure email can be.

Get a Demo
Contact us

Frequently Asked Questions

General & Product

SecuMailer is a SaaS solution that delivers secure email directly into the recipient’s inbox, without portals, plugins, or extra steps.

Most solutions redirect messages to portals; SecuMailer delivers them straight into the inbox. This removes friction for senders and recipients while still meeting compliance standards.

Our customers include organizations in healthcare, government, legal, and finance — sectors where privacy-sensitive data must be protected.

No. They simply receive the message in their inbox. Authentication is only required when necessary.

No training is needed; employees continue to email as usual. Security is applied automatically in the background.

Regular email encryption often relies on employees making choices or on portals, which leads to mistakes and friction. SecuMailer enforces secure delivery centrally, without user dependency.

Yes. SecuMailer integrates seamlessly with all major email clients and devices.

No. It works on top of your existing system (e.g., Microsoft 365 or Gmail) and does not require replacement.

Security is applied automatically by centrally managed transport rules, ensuring every email that needs protection is delivered securely.

No. Employees don’t make that decision; security is handled centrally by the organization.

No. SecuMailer is designed for professional use by organizations that must meet compliance standards.

Both. The service scales easily and is used by small teams as well as large enterprises.

Security & Compliance

Compliance is built in by design: all emails are encrypted, delivered securely, and managed according to European privacy and security standards.

Authentication (e.g., via SMS) is requested only when needed, minimizing friction while meeting compliance requirements.

We hold certifications such as ISO 27001, NEN 7510, ISAE 3000/SOC 2 Type 2, and eIDAS (qERDS & qREMS).

We don’t retain emails after delivery and host all services in Europe, ensuring compliance with GDPR principles and data sovereignty.

Portals create extra data silos and require recipients to log in repeatedly. This increases risk and frustration compared to direct inbox delivery.

If authentication is required, the unauthorized user will not pass verification and cannot access the message.

Messages are encrypted in transport and at rest, ensuring end-to-end protection until delivery.

It is removed from SecuMailer’s servers, reducing long-term exposure.

Attachments are protected with the same encryption and delivery process as the email itself.

PGP relies on user actions and key management; SecuMailer works automatically in the background, without requiring technical knowledge.

No, not in readable form. Encryption ensures that intercepted messages remain inaccessible.

No one. We don’t store emails after delivery and cannot access their content.

Incidents are handled under strict procedures, with transparency and notification according to GDPR obligations.

Implementation & Integration

Implementation is done by configuring transport rules in your existing email system, guided by our team.

Yes, SecuMailer integrates seamlessly with all major platforms.

No. SecuMailer requires no plugins or local installation.

Yes. It can integrate with systems that send large volumes of automated emails.

Usually a few days to weeks, depending on the complexity of your environment.

Yes. The platform is designed to scale for both small and very large volumes.

Yes. It works on any device that supports your email account.

No major changes are required; it works with your existing environment.

They define when emails must be sent securely. Rules are set centrally by your organization.

Typically IT admins, privacy officers, or security specialists.

Yes. Transport rules can be tailored to fit your organization’s needs.

No. Emails are delivered within normal email timeframes.

Yes. We support pilots and proof-of-concepts to validate integration.

Training is minimal because no new actions are required; IT staff receive guidance on setup and monitoring.

Yes, SecuMailer works with all types of accounts.

Yes. Existing MFA methods can be linked to recipient authentication.

No. Management is minimal and handled within your existing IT team.

Pricing, Support & Other

Pricing is subscription-based, depending on the number of users and services required.

Yes. We offer demos and pilots so you can experience SecuMailer before committing.

rect support from our team, with clear SLAs and personal attention.

Via phone, email, or our support portal.

Yes. SLAs are available and tailored to customer needs.

Yes. Usage and compliance reporting is available for administrators.

Through audits, reports, and adherence to GDPR, NTA 7516, and eIDAS standards.

Yes, upon request for compliance validation.

We provide supporting documentation and certifications.

Yes. Guidance and documentation are included during onboarding.

Currently Dutch and English, with support for more on request.

Billing is typically annual, based on licenses and agreed terms.

All servers are in Europe, ensuring compliance with GDPR and data sovereignty.

Yes. We welcome visits to our office in Lelystad, The Netherlands.