How It Works Agents Brokerages Pricing About Us Blog Sign In New trials currently unavailable

Security

SSL Secured

Contactually can only be accessed using 256-bit SSL 3.0 / TLS 1.0, provided by COMODO.

Secure API

Our API can only be access using secure user credentials or a user-revokable token.

Realtime Backups

All data is backed up in realtime, minimizing data loss.

Latest and Greatest

Contactually’s core system is regularly updated with the latest security fixes, and using the best practices.

Encrypted Credentials

External usernames and passwords are hashed or encrypted using 256 bit AES ciphers.

No Message Bodies/Attachments

Contactually does not store the content or attachments of messages. On request, we grab directly from the server.

Operating System Access

Operating system access is limited to hosting staff and requires username and key authentication.

Server Upgrades

Our managed servers are kept current with all vulnerabilities and hosting configurations.

Permanent Deletion

If you delete your Contactually account, all data is permanently removed from our servers.

Who can see my data?

For all users:

  • Your information is yours. Your contacts are never shared with anyone.

  • Details you provide for contacts are not shared with others who may have the same contact.

  • All information can be exported via CSV, secure API, and integration partners.

  • Contactually support staff may only access information for support reasons, with permission.

For teams:

  • Individual team members decide which contacts get shared with the team.

  • Team members can opt-in/out of sharing messages with their team.

  • Administrators are able to set default permissions for sharing.

  • Administrators cannot forcibly share or see sensitive messages.

  • Securely hosted by Amazon

Securely hosted by Amazon:

  • All user data is stored in Amazon Web Services’ data centers.

  • ISO 27001 certified.

  • Validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).

  • Annual SOC 1 audits

  • 24/7/365 monitoring, strict access controls, and on-site security.

Responsible Vulnerability Disclosure

If you’re an independent security expert or researcher and believe you’ve discovered a security-related issue on our platform, we appreciate your help in disclosing the issue to us responsibly.

Full Compass responsible disclosure policy.