Frequently Asked Questions
How secure is my data on Constant Contact servers?
How is data security managed on Constant Contact servers?
The security of our site is managed on multiple levels including Physical, Network, Host, Software, and User Account Security.
Constant Contact maintains internal security policies and procedures in support of its ongoing operations. Access to resources is granted only to those who reasonably require access based on their responsibilities.
Physical access to our machines is restricted to specific individuals and uses multiple levels of security, including:
- The equipment hosting Constant Contact's services is located in physically secure facilities. Access to these facilities is limited to authorized personnel. Badge access and biometric authentication (hand scanners and fingerprint IDs) are required in order to access the facilities.
- Constant Contact equipment is isolated and secured in spaces reserved for Constant Contact equipment only; these spaces are not shared with 3rd parties.
- Access to hosting environments is regularly reviewed to ensure authorization.
- Security guards perform random checks of facilities hosting Constant Contact equipment to ensure physical security controls have not been compromised.
- Access to Constant Contact's services is via standard HTTP and HTTPS connections.
- Constant Contact's hosting environment is protected from the public Internet via multiple and distinct firewalls, and monitored with a network-based commercial intrusion detection system.
- All of your account, credit card, and subscriber information and content is encrypted via industry-standard Secure Sockets Layer (SSL) connections over HTTPS. Users may consult their web browser's address or location bar to determine if the currently accessed page is encrypted via SSL.
- Constant Contact undergoes industry-standard security hardening efforts on all systems. In accordance with our security and change management policies, unused services are disabled and software updates are applied on a regular basis.
- Constant Contact regularly reviews information on current security vulnerabilities, including vendor announcements and other industry sources. If security updates are determined to be critical to the Constant Contact environment, they are thoroughly tested and deployed in a timely manner.
- All hosts and services are routinely monitored for integrity and availability. Operations staff review all alerts generated by monitoring systems, and respond promptly.
- Our servers are monitored 24x7 for malicious activity.
- Administrative access to Constant Contact infrastructure is limited to strictly authorized users. Individual usernames and passwords are required for all machine and data access.
- Strong password guidelines are in place, including complexity and minimum length requirements. Passwords are expired and changed on a regular basis.
- All internally developed code is subject to a strict Quality Assurance program, including extensive testing of functionality and business logic. Strong change control processes are in place to ensure that all code deployed to the production environment has been appropriately reviewed.
- Constant Contact regularly undergoes security reviews, including external and internal scanning for vulnerabilities on an ongoing basis by a 3rd party vendor. All vulnerabilities discovered are reviewed by internal security and addressed according to severity.
User Account Security:
- User-level access to Constant Contact services is provided via a username and password selected by the end user.
- Passwords and credit card numbers are encrypted.
- User account setup, maintenance, and termination are under the control of the end user.
Note: Constant Contact complies with the EU and Swiss Safe Harbor framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union and the Swiss Confederation.