Lead Gen & CRM Data Protection: Protecting Your Data

Article: 000050346
Updated: November 7, 2023

Constant Contact considers data security of the utmost importance and takes many steps to maintain data integrity.

Users:
Administrators 
Company Managers  
Marketing Managers  
Sales Managers  
Salespersons  
Jr. Salespersons  

Audits

Constant Contact routinely audits the application, infrastructure, and security in an effort to maintain a safe and secure service. The audits involved are as follows:
 

| Audit Type | Description |
| --- | --- |
| Application Audits | Constant Contact goes through a quarterly PCI audit administered by Trustwave. These audits evaluate Constant Contact's application footprint and extranet tools for industry-published vulnerabilities and attack vectors. |
| Infrastructure Audits | Constant Contact infrastructure and development deployments—including source code changes—are peer-reviewed, QA-tested, and audited before every testing and production release. These steps are taken for consistency, to protect against potential known vulnerabilities or threats, and to ensure product stability using a series of automated and manual tests. |
| External Audits | As both a Salesforce and Google partner, Constant Contact continually undergoes mandatory rigorous third-party security auditing and review to maintain necessary partner compliance. |
| Security Audits | Constant Contact performs routine security audits on all servers and applies security updates as they are made available. The Constant Contact Vulnerability Assessment team performs internal audits using a combination of both open-source and proprietary industry-standard tools—such as OpenVAS and Nessus—to assess the Constant Contact platform. |

 



Data

Constant Contact makes a point to practice safety in the digital sphere. This safety starts and ends with data security. The ways that Constant Contact practices data safety include:
 

| Data Type | Description |
| --- | --- |
| Data in Transit | All sensitive data shared between the application, extranet, tracking endpoints, and servers is transferred using Transport Layer Security (TLS) with up-to-date ciphers utilizing (at a minimum) 256-bit RSA encryption keys. |
| Data at Rest | Credentials are stored in an encrypted on-disk format to prevent the data from being compromised in the event that a data theft or data breach incident occurs. |
| Redundant Architecture | Constant Contact uses a redundant server architecture (which includes removing single points of failure and quickly having the ability to scale) that will protect client data and the continuity of Constant Contact's services in the event the primary infrastructure suffers loss or outages. |
| Data Backup | Constant Contact's backup procedures follow the basic rules of the CIA triad: confidentiality, integrity, and availability. Backups are verified for integrity, are encrypted, are securely transferred, and are stored at both on-site and off-site locations. These backups are then verified through reanimation testing. |

 

