CrestlinTech provides SMTP relay, transactional email delivery, and communication API services built for UK regulatory compliance, enterprise security, and infrastructure-grade reliability.
Purpose-built communication infrastructure designed for high-volume transactional sending with full compliance oversight and dedicated support.
High-throughput delivery infrastructure for transactional messages including order confirmations, account notifications, password resets, and system alerts.
Enterprise SMTP relay with mandatory TLS enforcement, authentication requirements, and per-client IP segregation for maximum deliverability and reputation management.
RESTful API with comprehensive SDKs for Python, Node.js, PHP, Java, and .NET. Detailed event webhooks and real-time delivery tracking via our developer portal.
Guided implementation of SPF, DKIM, and DMARC records. Our compliance team performs verification and ongoing monitoring to maintain sender authentication standards.
Comprehensive dashboards covering delivery rates, bounce classifications, engagement patterns, and domain-level reporting with exportable data in CSV and JSON formats.
Automated classification and processing of hard and soft bounces. Complaint feedback loop integration with major ISPs and automatic suppression list management.
Our platform is designed from the ground up with UK regulatory compliance, data sovereignty, and enterprise security requirements as primary considerations.
Every new account application undergoes a manual review by our compliance team before activation. We assess the intended use case, sending domain, and business legitimacy prior to granting platform access. Accounts sending unsolicited or bulk commercial email are not permitted under any circumstances.
All clients must complete a Know Your Customer process including company registration verification, director identification, and domain ownership confirmation. This ensures our infrastructure is only accessible to legitimate, identified businesses operating lawfully within their jurisdiction.
Our data handling practices, retention policies, and processing agreements are designed to support your obligations under the UK General Data Protection Regulation and the Privacy and Electronic Communications Regulations. We provide Data Processing Agreements as standard for all enterprise accounts.
Our platform operates continuous real-time monitoring for anomalous sending behaviour, complaint rate spikes, and known abuse patterns. Accounts triggering abuse thresholds are automatically throttled and reviewed by our 24/7 operations team, with immediate suspension where policy violations are confirmed.
Contact our enterprise team to discuss your requirements. All accounts require compliance review and identity verification before activation.
Founded in London in 2021, CrestlinTech Ltd was established to address the gap in the UK market for compliance-first, enterprise-grade transactional communication infrastructure.
CrestlinTech was founded in 2021 by a team of infrastructure engineers and compliance specialists who recognised that most communication delivery platforms treated regulatory compliance as an afterthought rather than a foundational requirement.
Our platform was designed from inception with UK GDPR, PECR, and anti-abuse controls built into the core architecture. We serve financial services firms, SaaS platforms, e-commerce businesses, and enterprise software providers that require assured compliance posture alongside infrastructure-grade reliability.
We operate exclusively within the UK market, maintaining UK data residency, and our compliance team holds relevant certifications in data protection and information security management.
We believe that organisations handling sensitive communications should be able to rely on infrastructure that is as committed to regulatory compliance as they are. Every product decision we make is evaluated against this principle.
Previously Infrastructure Director at a leading UK payments processor. 18 years in enterprise communications.
MSc Computer Science, Imperial College London. Former Principal Engineer at a FTSE 250 technology group.
Certified Information Privacy Professional (CIPP/E). Specialist in UK GDPR and data protection law.
Infrastructure and distributed systems specialist. 12 years building high-availability email delivery platforms.
From transactional email delivery to compliance monitoring and API-based routing, CrestlinTech provides the complete infrastructure stack.
Our compliance-first infrastructure is particularly suited to industries operating under rigorous regulatory frameworks where communication accountability is essential.
FCA-regulated institutions require communication infrastructure with verifiable audit trails, data residency controls, and robust anti-fraud measures. CrestlinTech supports mandatory record-keeping obligations and provides the documentation required for compliance audits.
SaaS providers sending account notifications, usage alerts, and system communications at scale need infrastructure that handles volume reliably whilst maintaining domain reputation and compliance with user consent requirements.
E-commerce operators sending order confirmations, dispatch notifications, and account communications must ensure delivery reliability whilst remaining within PECR requirements. Our infrastructure supports strict opt-in enforcement.
Enterprise software vendors embedding email capabilities into their products require a relay infrastructure that can be white-labelled, integrated via SMTP or API, and delivers the compliance guarantees their enterprise customers demand.
Organisations handling patient communications and health-related notifications must operate under heightened data protection standards. Our infrastructure supports the additional safeguards required for special category data handling.
Professional services firms require secure, confidential communication delivery with clear accountability. Our infrastructure supports SRA and ICAEW-regulated practices with the assurance levels required for client communications.
All plans require compliance review and identity verification before activation. Prices exclude VAT at the applicable UK rate.
All account activations are subject to a manual compliance review and identity verification process. CrestlinTech Ltd reserves the right to decline applications that do not meet our acceptable use requirements. Unsolicited bulk email, commercial marketing without verified opt-in consent, or any other use case conflicting with our Acceptable Use Policy will result in immediate rejection or suspension. All prices exclude UK VAT at 20%.
Welcome to the CrestlinTech developer documentation. This reference covers authentication, the REST API, SMTP relay configuration, and integration guides for our communication infrastructure platform.
All API access requires a valid account with active compliance verification. API keys are issued after account approval and can be managed within your client dashboard.
All API requests must include your API key in the Authorization header using Bearer token authentication. API keys are scoped per account and can be issued with read-only or full access permissions.
The POST /v1/messages/send endpoint accepts JSON payloads for single message dispatch. Batch sending is supported via the /v1/messages/batch endpoint.
For platforms integrating via SMTP relay, use the following settings. TLS is mandatory; connections without encryption will be rejected.
All sending domains must have valid SPF, DKIM, and DMARC records configured before use. Our compliance team will verify your DNS configuration during account setup. Sending from unauthenticated domains is not permitted.
p=none with reporting enabledConfigure webhook endpoints in your dashboard to receive real-time delivery event notifications. All webhook payloads are signed with HMAC-SHA256.
Every layer of the CrestlinTech platform is designed with security, data protection, and regulatory compliance as primary requirements, not secondary considerations.
All SMTP connections are required to use TLS 1.2 or higher. Plaintext SMTP connections are refused at the network level. API traffic is served exclusively over HTTPS with modern cipher suites. Certificate pinning is available for enterprise clients.
Our platform is designed to support your obligations under the UK General Data Protection Regulation. We provide Data Processing Agreements as standard, process personal data only as instructed, and maintain comprehensive records of processing activities in accordance with Article 30 requirements.
The Privacy and Electronic Communications Regulations govern direct electronic marketing to UK individuals. CrestlinTech's platform enforces strict opt-in requirements: we do not permit sending to recipients who have not given valid prior consent. Our compliance team reviews all account use cases against PECR requirements during onboarding.
All new accounts complete a Know Your Customer process prior to activation. This includes verification of UK Companies House registration, director identification, and confirmation of the registered sending domain. We do not activate accounts for unidentified entities or where the stated business purpose cannot be verified.
Our 24/7 operations team operates automated abuse detection systems that monitor complaint rates, bounce patterns, blocklist status, and volume anomalies in real time. Accounts exceeding defined thresholds are automatically throttled and reviewed. Policy violations result in immediate suspension without notice.
For clients with international audiences, we support compliance with the US CAN-SPAM Act requirements including accurate sender identification, functional unsubscribe mechanisms, and prohibition of deceptive subject lines. Our compliance team advises on cross-jurisdictional requirements during onboarding.
Every new account application is reviewed by a member of our compliance team before any infrastructure access is granted. We assess the applicant's business registration, intended use case, sending domain, and stated audience characteristics.
Accounts for which the intended use case includes sending to non-opted-in recipients, purchasing or renting contact lists, or any form of unsolicited commercial messaging are declined without exception.
Our internal fraud and risk assessment procedures are reviewed quarterly by our legal counsel to ensure they remain aligned with current regulatory guidance from the ICO and Ofcom.
We conduct ongoing account monitoring and reserve the right to request evidence of recipient consent at any time. Non-compliance with our Acceptable Use Policy results in immediate account suspension.
Complete this form to begin the compliance review process. All fields are required. Account activation is subject to identity verification and compliance assessment.
By submitting this form, you confirm that you have read and agree to the Acceptable Use Policy and Terms of Service. Your application will be reviewed within 2 business days.
CrestlinTech Ltd ("CrestlinTech", "we", "us", or "our"), a company registered in England and Wales under Company Number 12984756, with registered office at 4th Floor, 30 St Mary Axe, London, EC3A 8BF, is committed to protecting and respecting your privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our services, or interact with us. We are registered with the Information Commissioner's Office under registration number ZB482193.
CrestlinTech Ltd is the data controller for personal data collected through our website and services. For data protection enquiries, please contact our Data Protection Officer at dpo@crestlintech.co.uk.
We collect the following categories of personal data:
We process personal data under the following lawful bases as defined in Article 6 of the UK GDPR:
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Account data is retained for seven years following account closure for legal and regulatory purposes. We will delete or anonymise personal data upon request, subject to any legal retention obligations.
All personal data processed through our platform is stored within the United Kingdom. We do not transfer personal data to countries outside the UK unless such transfer is subject to an appropriate safeguard as defined under UK GDPR Article 46.
Under UK GDPR, you have the following rights in relation to your personal data: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object, and rights in relation to automated decision-making. To exercise any of these rights, please contact dpo@crestlintech.co.uk.
For privacy enquiries: dpo@crestlintech.co.uk · CrestlinTech Ltd, 4th Floor, 30 St Mary Axe, London, EC3A 8BF.
You have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.
These Terms of Service constitute a legally binding agreement between you and CrestlinTech Ltd governing your use of our communication infrastructure platform. By activating an account, you confirm that you are authorised to enter into this agreement on behalf of your organisation.
"Services" means the communication infrastructure, API, SMTP relay, and associated tooling provided by CrestlinTech Ltd. "Client" means the company or individual whose account application has been approved and who has agreed to these Terms. "Messages" means email messages or other electronic communications transmitted through our infrastructure.
Access to our Services is restricted to businesses registered in the United Kingdom or other jurisdictions where we permit access, as determined in our sole discretion. All applicants must complete identity verification and comply with our KYC process. We reserve the right to decline any application without providing a reason.
The Services may only be used for lawful transactional communication to recipients who have provided valid, documented consent to receive such communications. The Services may not be used for any form of unsolicited commercial email, for communications to purchased, rented, or third-party sourced contact lists, or for any purpose that violates our Acceptable Use Policy.
Clients are solely responsible for ensuring that their use of the Services complies with all applicable legislation including the UK GDPR, the Privacy and Electronic Communications Regulations, the Computer Misuse Act 1990, and any other relevant laws. CrestlinTech Ltd is not liable for any regulatory enforcement action arising from a Client's non-compliant use of the platform.
CrestlinTech Ltd reserves the right to suspend or terminate any account immediately and without notice where it determines, in its sole discretion, that the account is being used in violation of these Terms, the Acceptable Use Policy, or any applicable law. No refund will be issued in respect of periods following termination for cause.
We target 99.9% platform availability for standard accounts and up to 99.99% for Enterprise accounts with SLA agreements. Planned maintenance windows will be communicated with a minimum of 48 hours' notice. Unplanned outages are communicated via our status page at status.crestlintech.co.uk.
To the extent permitted by law, CrestlinTech Ltd's aggregate liability to a Client in connection with these Terms shall not exceed the fees paid by that Client in the twelve months preceding the relevant claim. We are not liable for indirect, consequential, or punitive damages of any kind.
These Terms are governed by English law. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Summary: CrestlinTech's infrastructure may only be used for legitimate transactional communications to recipients who have provided explicit, documented consent. Any form of unsolicited, bulk, or non-consented electronic communication is strictly prohibited and will result in immediate account suspension.
The following are strictly prohibited on the CrestlinTech platform:
Important Notice: CrestlinTech operates automated abuse detection systems that monitor complaint rates, bounce patterns, and sending behaviour in real time. Accounts exhibiting complaint rates above 0.1% or behaviour consistent with unsolicited sending will be automatically throttled and immediately reviewed. Policy violations will result in permanent account suspension without refund.
All recipients must have provided explicit, documented opt-in consent to receive electronic communications from your organisation. The following standards apply:
All messages sent through our platform must include accurate sender identification, a valid reply-to address, a functional unsubscribe mechanism, and the physical address of the sending organisation. Subject lines must accurately reflect the content of the message.
CrestlinTech reserves the right to inspect message content, headers, and sending patterns for compliance purposes. We will co-operate fully with law enforcement, the ICO, and other regulatory bodies. Accounts suspended for policy violations will be reported to relevant industry bodies where required.
To report abuse of our infrastructure, please contact abuse@crestlintech.co.uk. All reports are investigated by our compliance team within one business day.
p=none. Update to p=quarantine or p=reject to improve your compliance score.| IP Address | Score | Blocklists | Status |
|---|---|---|---|
| 185.214.xxx.41 | 96/100 | 0 listed | Clean |
| 185.214.xxx.42 | 94/100 | 0 listed | Clean |
| Status | Count | Rate |
|---|---|---|
| Delivered | 478,703 | 99.3% |
| Bounced | 1,447 | 0.3% |
| Complained | 48 | 0.01% |
| Deferred | 1,932 | 0.4% |