We know your business data is extremely important to you, so we’re very protective of it.

Need to report a security vulnerability?

Please see our Responsible Disclosure policy below.

Security Overview

Physical Security

Our systems reside in a SOC 2 compliant datacenter. Access is restricted to properly credentialed datacenter employees. Security is regularly audited by an outside auditor to verify compliance.

System Security

Our systems are located on a private, isolated network, with only customer-required services exposed to the public Internet. We patch our systems on an ongoing basis to defend against current exploits.

Communications

Communication between customer systems and our systems takes place over secure, encrypted channels whenever possible. When a customer requests to transmit information over an inherently insecure channel (such as email or unencrypted FTP), we will explain the risks and present alternatives.

Employee Access

Our employees occasionally access your account for support or troubleshooting purposes. All ActiveProspect employees have undergone a thorough background check before being granted internal access to our systems.

Credit Card Security

We do not store credit card information on our systems. When you enter a credit card number for payment, it is transmitted directly from your browser to our payment processor, who stores your data on their PCI-compliant infrastructure.

Responsible Disclosure of Security Vulnerabilities

Keeping customer data safe is a top priority at ActiveProspect. We work hard to protect our customers from the latest threats. We appreciate your help in disclosing any vulnerabilities you find to us in a responsible manner.

Reporting Security Problems

Please send urgent or sensitive reports directly to security@activeprospect.com. Use our public key to keep your information safe and please provide us with a secure way to respond. Our entire development staff monitors that email address, and we will acknowledge your message as quickly as possible, typically within 8 hours (and no longer than 72 hours). We’ll work with you to make sure that we understand the scope of the issue, and that we fully address your concern. Please act in good faith towards our users’ privacy and data during your disclosure. We won’t take legal action against you or administrative action against your account if you act accordingly. White hat researchers are always appreciated. We’ll gladly give appropriate credit for responsible disclosure of significant vulnerabilities.

THANKS!

Special thanks to the following individuals, who have responsibly disclosed vulnerabilities in the past:

  • Tejash Patel | @Tejash1991
  • Anand Prakash | @sehacure
  • Kamil Sevi | @kamilsevi
  • Muhammad Waqar | @MuhammadWaqar_9
  • Ehraz Ahmed | @ehrazofficial | https://ehraz.co
  • Jay Turla | @shipcod3 | http://resources.infosecinstitute.com/author/jay-turla
  • Jose Pino | @Fr4phc0r3
  • Sahil Saif | @bewithsahilsaif
  • Ishan Anand | Zero-Access
  • Vikas Anil Sharma | Vikzzzzzz
  • Vinod Tiwari | @war_crack
  • Shivam Kumar Agarwal | @netanalysts
  • Nithish Varghese | @nithish.varghese
  • Ala Arfaoui | Ala Arfaoui
  • Sarwar Jahan M | @sarwarjahanm
  • Guilherme Scombatti | guilhermescombatti@gmail.com
  • Harry M. Gertos | @GertyBoy27 | http://hmgmakarovich.blogspot.com
  • Ketankumar B. Godhani | @KBGodhani