Data Security Isn’t Just for Enterprises — So Why Does Mailchimp Treat It Like It Is?

Only large businesses need data security, right?

This (in the image) is Mailchimp's approach to data security on its platform (please remember, this company is owned by Intuit, which is one of, if not the, largest providers of financial software to SMBs globally).

I am on the highest available tier below their $350+/mo "Premium" offering, and I am unable to create an account that can send email (this is an email marketing tool) but cannot export all my data, create new users, or connect my account up to unknown integrations.

And as a bonus admin accounts are able to transfer ownership of the entire Mailchimp instance. A level of access that should be given exceedingly sparingly on any SaaS platform, and certainly not as a response to the business requirement, "Must be able to send marketing emails".

This is like Microsoft deciding that if you buy Microsoft 365 Business Standard you either need to give the user read-only access to any of your resources or make them a Global Admin, nothing in between.

I have no issue with having pay more or upgrade my service to have more user accounts on a platform, we can't expect that free or crazily cheap offerings will have every feature. But hiding essential and reasonable security that allows us to keep control of our data behind a 10x price increase simply says that your product doesn't have a security-first mentality.

So now that my business has grown so that I want to have someone other than me send email updates, I guess I'll be finding a new email list provider (as I definitely won't be compromising the security of my customer's data). The unfortunate thing though, is my take on this is rather niche, and most small business owners looking at a tool like this probably won't see the problem.

❓ I must be missing something, right? But in case I'm not. What email marketing service (with reasonably granular permissions) do you use?

Posted on Linkedin 07/15/2025 -> View post here