If you use TrustedForm in some capacity, this blog post is to inform you about an upcoming data security enhancement and help you prepare for any changes needed to avoid any disruption to your business.

Why is this important?

Beginning July 5, 2023, new TrustedForm certificates will, by default, hide all form input data in session replays to protect against any possible unauthorized access of the Personally Identifiable Information (PII) of consumers. Note: All TrustedForm Certificates created prior to this update will have no change. 

With this change, the full session replays (with form inputs) will only be viewable by users who have demonstrated that they already have access to the PII in the session replay. This enhancement ensures that consumer data cannot be accessed through the TrustedForm Certificate by any party who doesn’t already have access to the consumer data. This new data protection is achieved without compromising the current session replay functionality of TrustedForm.

Access to full TrustedForm Certificate session replays is provided in a number of ways:

  1. Generate the Certificate using a verified domain. All Certificates created using your verified domains are visible to you by default. This is because you have proven that you have access to the website where the leads are being captured. However, any parties with whom you share a Certificate will still need to unlock the Certificate via one of the options below.
  2. View the Certificate using the lead matching feature. Enter the email address or phone number submitted by the consumer for that Certificate to unlock it.
  3. Use the TrustedForm API to programmatically unlock your Certificates by performing the lead matching process (referred to as lead fingerprinting) via the API call. If you are using TrustedForm within LeadConduit, LeadConduit does the lead matching process by default, so there is nothing you need to do.

In addition, if you sell leads in a ping post auction environment, the TrustedForm Ping URLs will no longer be needed after this change. This enhancement will allow lead providers who sell leads in ping-post auctions to safely pass the TrustedForm Certificate URL on the ping.

Why did we do this?

We are not aware of any unauthorized access to consumer data via TrustedForm Certificates. We did this as a precautionary measure and to simplify implementation by eliminating the need for ping URLs in ping post lead distribution. 

ActiveProspect is committed to protecting all the parties in the consent-based marketing ecosystem – the publishers generating the leads, the companies buying the leads, and most importantly, the consumers requesting to be contacted. This update benefits all of these groups involved in the lead acquisition process. Consumer’s data is protected against unauthorized access. Lead sellers can be confident that the leads they generate are not accessible by buyers until the leads have been purchased. Lead buyers are assured that exclusive leads remain as such.


If you need help or have any questions, reach out to your Client Success Manager or contact the support team.