Highcroft Digital provides secure, authenticated transactional email infrastructure for financial institutions, SaaS platforms, and enterprise software providers operating across the UK and Europe.
Every component of our platform is designed with security, deliverability, and regulatory compliance at its core.
We built Highcroft Digital to address a gap in the UK market: enterprise-grade messaging infrastructure that takes regulatory compliance as seriously as deliverability performance.
Every account undergoes a manual compliance review before activation. We conduct identity verification of all account holders and require documented proof of sender authorisation before any sending infrastructure is provisioned.
This is not a self-serve bulk mailing platform. We serve organisations with legitimate, transactional communication needs who require verifiable infrastructure provenance.
All account holders must complete identity verification before account activation.
Every new account is reviewed by our compliance team prior to infrastructure access.
Sending rights are scoped to approved transactional use cases documented at onboarding.
Automated systems and human oversight monitor all traffic for policy violations.
Highcroft Digital Ltd is a London-registered communication infrastructure company, founded in 2021 to provide compliance-first transactional messaging services to UK and European enterprises.
Highcroft Digital was founded with a clear purpose: to provide financial institutions, regulated SaaS platforms, and enterprise software providers with messaging infrastructure that meets the standards their industries demand.
Unlike commodity email service providers, we do not operate as an open or self-serve platform. Every client relationship begins with a compliance review. We take responsibility for the infrastructure we provide, which means holding every sender to the same high standards we set for ourselves.
We are registered with the UK Information Commissioner's Office (ICO) and operate in accordance with the UK General Data Protection Regulation, the Privacy and Electronic Communications Regulations (PECR), and all applicable data protection legislation.
| Legal Name | Highcroft Digital Ltd |
| Company Type | Private Limited Company |
| Company Number | 13847291 |
| VAT Number | GB 412 8836 09 |
| Founded | 2021 |
| ICO Registration | ZB487301 |
| Registered Office | Fourth Floor, 12 Finsbury Square, London EC2A 1AR, United Kingdom |
Our leadership team brings experience across financial services technology, enterprise infrastructure, and regulatory compliance.
From SMTP relay to delivery analytics, every component is designed for enterprise reliability and regulatory compliance.
Purpose-built for high-volume transactional messaging: account notifications, password resets, order confirmations, billing alerts, and operational system messages.
Enterprise SMTP relay with enforced TLS, certificate-pinned connections, and per-client authentication. Suitable for application-layer integration without modifying existing infrastructure.
A RESTful API designed for developer integration, with official SDKs for Python, Node.js, PHP, Ruby, Java, and .NET. Full OpenAPI 3.0 specification available.
Comprehensive SPF, DKIM, and DMARC implementation guidance, with ongoing monitoring and alerting for authentication failures or policy drift.
Full-funnel visibility across every message sent through our infrastructure. Exportable reporting for compliance evidence, performance reviews, and internal audits.
Dedicated IP addresses with structured warmup plans, continuous blacklist monitoring, and proactive intervention from our deliverability specialists.
Our infrastructure is deployed by organisations where messaging reliability, auditability, and compliance are non-negotiable.
All plans require successful completion of our compliance review process before activation. Pricing excludes UK VAT at 20%.
All prices exclude UK VAT at the standard rate of 20%. Annual contracts available at a 15% discount. Contact our sales team for volume pricing above 5 million messages per month.
Integration guides, API reference, and best practices for the Highcroft Digital platform.
The Highcroft Digital platform provides secure transactional messaging infrastructure via two primary integration paths: a RESTful HTTP API and SMTP relay. Both methods require prior compliance review and account activation.
All API requests must include your account API key in the Authorization header using Bearer token authentication.
The following example demonstrates sending a transactional notification via the API. All requests must originate from verified, authenticated domains registered within your account.
For application-level SMTP integration, use the following relay endpoint. TLS 1.2 or higher is mandatory — connections over unencrypted SMTP are not accepted.
Configure webhook endpoints within your account dashboard to receive real-time delivery status events. All webhook payloads are signed using HMAC-SHA256.
Highcroft Digital is built around the principle that infrastructure security and regulatory compliance are foundational, not optional features.
All data transmitted via our API and SMTP relay is encrypted using TLS 1.3. TLS 1.2 is the minimum accepted version. Unencrypted connections are rejected at the transport layer.
All sending domains must have SPF, DKIM, and DMARC records validated and confirmed before traffic is accepted. We enforce p=quarantine or p=reject DMARC policies for enterprise accounts.
API keys are issued per account with role-based scoping. Keys can be rotated on demand and are never stored in recoverable form. All access is logged and available in your account audit trail.
Our sending infrastructure is distributed across geographically separated UK and EU data centres, with automated failover and no single point of failure for message processing.
Automated systems monitor all outbound traffic for anomalous patterns, volume spikes, complaint rate increases, and other indicators of policy violation or account compromise.
We act as a data processor for our clients and provide a Data Processing Agreement (DPA) compliant with UK GDPR Articles 28 and 29. We do not use personal data for any purpose beyond message delivery.
Our platform supports PECR-compliant transactional messaging workflows. We do not permit electronic marketing to individuals without documented opt-in consent under Regulation 22.
For clients sending to US-based recipients, we provide guidance and tooling to support CAN-SPAM Act compliance requirements, including unsubscribe management for commercial messages.
Highcroft Digital Ltd is registered with the Information Commissioner's Office as a data controller (Registration: ZB487301). Our registration is current and renewed annually.
We operate a zero-tolerance policy towards unsolicited bulk email. Accounts found to be transmitting unsolicited messages are suspended immediately and reported to relevant authorities where appropriate.
Our team is available Monday to Friday, 09:00–17:30 GMT. Enterprise clients have access to extended support hours.
All account enquiries are reviewed by our compliance team before any access is granted. Please provide accurate information about your organisation and intended use case.
By submitting this form you agree to our Privacy Policy. We will only use your information to respond to your enquiry.
This Privacy Policy describes how Highcroft Digital Ltd ("Highcroft Digital", "we", "our", or "us") collects, uses, stores, and discloses personal data when you access our website, enquire about our services, or use our messaging infrastructure platform.
We are committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Highcroft Digital Ltd is the data controller for personal data processed through this website and in connection with our services. Our registered office is at Fourth Floor, 12 Finsbury Square, London EC2A 1AR. We are registered with the Information Commissioner's Office under registration number ZB487301.
We may collect the following categories of personal data:
We process personal data under the following lawful bases: performance of a contract (where processing is necessary to provide our services); compliance with a legal obligation; legitimate interests (for account security, fraud prevention, and service improvement); and consent (where explicitly obtained).
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Account data is retained for the duration of the contractual relationship and for a period of 7 years thereafter for legal and compliance purposes.
Under UK GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing activities. To exercise your rights, please contact our Data Protection Officer at dpo@highcroftdigital.co.uk.
For all data protection enquiries, contact our Data Protection Officer at dpo@highcroftdigital.co.uk or write to Fourth Floor, 12 Finsbury Square, London EC2A 1AR.
By accessing or using any service provided by Highcroft Digital Ltd ("Highcroft Digital", "we", "our"), you agree to be bound by these Terms of Service. If you do not agree, you must not use our services.
Highcroft Digital provides transactional messaging infrastructure including SMTP relay, API-based message dispatch, delivery analytics, and related services. All services are subject to compliance review and are intended exclusively for transactional and operational communication purposes.
To access our services you must be a legal entity or individual operating a legitimate business. All accounts are subject to a mandatory compliance review and Know Your Customer (KYC) verification process before access is granted. We reserve the right to decline any application without providing a reason.
Our platform may only be used for transactional messaging: communications that are sent in response to a specific user action, subscription lifecycle notifications, operational system alerts, and other non-marketing communications to individuals who have an existing, documented relationship with the sending organisation.
You must not use our services to send unsolicited bulk email, electronic marketing communications to individuals who have not provided opt-in consent, phishing or fraudulent communications, malware distribution, or any communication that violates applicable law. Violation results in immediate suspension.
We target 99.9% platform availability on Professional plans and 99.98% on Enterprise plans, measured monthly, excluding scheduled maintenance windows. Service level credits are available as detailed in your Service Level Agreement.
To the maximum extent permitted by applicable law, Highcroft Digital's aggregate liability to you in respect of any claim arising out of or in connection with these Terms shall not exceed the fees paid by you in the three months preceding the claim.
These Terms are governed by the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
For queries relating to these Terms, contact legal@highcroftdigital.co.uk.
Highcroft Digital operates a zero-tolerance policy towards all forms of unsolicited electronic communication. Any account found to be in violation of this policy will be suspended immediately without prior notice and may be referred to the appropriate regulatory authorities.
This Acceptable Use Policy ("AUP") governs all use of Highcroft Digital's messaging infrastructure, APIs, SMTP relay, and associated services. By activating an account, you agree to be bound by this policy in full.
Our infrastructure is exclusively authorised for transactional and operational messaging. Permitted communications include:
The following activities are strictly prohibited and will result in immediate account suspension:
Where marketing or promotional messages are sent using our infrastructure (subject to specific approval), the sender must maintain documented evidence of opt-in consent for each recipient, including the date, time, method of consent, and the specific consent statement presented. This documentation must be available to Highcroft Digital upon request.
We actively monitor all traffic for policy violations. Accounts exhibiting complaint rates above 0.08%, bounce rates above 5%, or anomalous sending patterns will be automatically flagged for review and may be suspended pending investigation. We cooperate fully with law enforcement agencies and regulatory bodies including the ICO and Ofcom.
To report abuse of our infrastructure, contact abuse@highcroftdigital.co.uk. We investigate all reports and take appropriate action within one business day of a confirmed violation.
Forgot your password?