ActiveProspect Security

We know your business data is extremely important to you, so we’re very protective of it.
 
Need to report a security vulnerability?
Please see our Responsible Disclosure policy below.

Security Overview

Physical Security
Our systems reside in a SOC 2 compliance datacenter. Access is restricted to properly credentialed datacenter employees. Security is regularly audited by an outside auditor to verify compliance.
 
System Security
Our systems are located on a private, isolated network, with only customer-required services exposed to the public Internet. We patch our systems on an ongoing basis to defend against current exploits.
 
Communications
Communication between customer systems and our systems takes place over secure, encrypted channels whenever possible. When a customer requests to transmit information over an inherently insecure channel (such as email or unencrypted FTP), we will explain the risks and present alternatives.
 
Employee Access
Our employees occasionally access your account for support or troubleshooting purposes. All ActiveProspect employees have undergone a thorough background check before being granted internal access to our systems.
 
Credit Card Security
We do not store credit card information on our systems. When you enter a credit card number for payment, it is transmitted directly from your browser to our payment processor’s systems who stores your data on their PCI compliant infrastructure.
 
Responsible Disclosure of Security Vulnerabilities
Keeping customer data safe is a top priority at ActiveProspect. We work hard to protect our customers from the latest threats. We appreciate your help in disclosing any vulnerabilities you find to us in a responsible manner.
 
Reporting Security Problems
Please send urgent or sensitive reports directly to security@activeprospect.com. Use our public key to keep your information safe and please provide us with a secure way to respond. Our entire development staff monitors that email address, and we will acknowledge your message as quickly as possible, typically within 8 hours (and no longer than 24 hours). We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern.
Please act in good faith towards our users’ privacy and data during your disclosure. We won’t take legal action against you or administrative action against your account if you act accordingly. White hat researchers are always appreciated. We’ll gladly give appropriate credit for responsible disclosure of significant vulnerabilities.
 

Thanks!

Special thanks to the following individuals, who have responsibly disclosed vulnerabilities in the past:

 
 
 
 

Ready to get started?

Get in touch