Security of my data on Constant Contact servers

Article: 000005632
Updated: September 24, 2024

How is data security managed?

The security of our site is managed on multiple levels, including Physical, Network, Host, Software, and User Account Security. Constant Contact maintains internal security policies and procedures in support of its ongoing operations. Access to resources is granted only to those who reasonably require access, based on their responsibilities. We hold EU-US Privacy Shield certification, which has been deemed adequate by the European Commission and enables certified US companies to transfer personal data under EU law. We also participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

For more information, please read our Terms & Conditions.

Our company has a SOC 2 report available for potential and existing customers. SOC 2 is an independent audit report that ensures our systems and processes meet high standards for security. If you would like to request a copy of our SOC 2 report, please contact our legal department at legal@constantcontact.com. Customers will need to sign a Non-Disclosure Agreement (NDA) before receiving the report.


Physical Security

Physical access to our machines is restricted to specific individuals and uses multiple levels of security, including:

  • The equipment hosting Constant Contact's services is located in physically secure facilities. Access to these facilities is limited to authorized personnel. Badge access and biometric authentication (hand scanners and fingerprint IDs) are required to access the facilities.
  • Constant Contact equipment is isolated and secured in spaces reserved for Constant Contact equipment only. Spaces are not shared with third parties.
  • Access to hosting environments is regularly reviewed to ensure authorization.
  • Security guards perform random checks of facilities hosting Constant Contact equipment to ensure physical security controls have not been compromised. 



Network Security

  • Constant Contact's hosting environment is protected from the public Internet via web application firewalls, and monitored with a network-based commercial intrusion detection system.
  • All of your account, credit card, and subscriber information and content is encrypted in transit via TLS 1.2 connections over HTTPS.



Host Security

  • Constant Contact applies industry-standard security hardening to all systems. In accordance with our security and change management policies, unused services are disabled and software updates are applied on a regular basis.
  • Constant Contact regularly reviews information on current security vulnerabilities, including vendor announcements and other industry sources. If security updates are determined to be critical to the Constant Contact environment, they are thoroughly tested and deployed in a timely manner.
  • All hosts and services are routinely monitored for integrity and availability. Operations staff review all alerts generated by monitoring systems and respond promptly.
  • Our servers are monitored 24x7 for malicious activity.
  • Administrative access to Constant Contact infrastructure is limited strictly to authorized users. Individual usernames and passwords are required for all machine and data access.
  • Strong password guidelines are in place, including complexity and minimum length requirements. Passwords are expired and changed on a regular basis.



Software Security

  • All internally developed code is subject to a strict Quality Assurance program, including extensive testing of functionality and business logic. Strong change control processes are in place to ensure that all code deployed to the production environment has been appropriately reviewed.
  • Constant Contact regularly undergoes security reviews, including ongoing external and internal vulnerability scanning by a third-party vendor. All vulnerabilities discovered are reviewed by internal security and addressed according to severity.



User Account Security

  • User-level access to Constant Contact services is provided via a username and password selected by the end user.
  • New customer accounts are also protected with multi-factor authentication. 
  • Passwords and credit card numbers are encrypted.
  • User account setup, maintenance, and termination are under the control of the end user. 



Copyright © 2025 · All Rights Reserved · Constant Contact · Privacy Center