Constant Contact® Information Security Program

Constant Contact maintains a comprehensive information security program designed to protect customer information and support the confidentiality, integrity, and availability of our systems and services.

 

Our security program is built on a defense-in-depth approach that incorporates administrative, technical, and physical safeguards to help protect information assets and support our business operations. Security considerations are integrated throughout our organization, including system design, software development, access management, monitoring, incident response, and vendor management activities.

 

CSTAR Level 1
 


Data Protection and Access Control

Constant Contact maintains policies, procedures, and technical safeguards designed to help protect customer information from unauthorized access, use, disclosure, alteration, or destruction. Access to systems and data is restricted to authorized personnel based on business need and is governed by established access management processes.

 

Infrastructure Security

Constant Contact implements security controls designed to protect systems, networks, and information assets. Security measures are regularly reviewed and updated to address evolving threats, industry standards, and business requirements. 

 

Secure Development Practices 

Security is incorporated throughout the software development lifecycle. Internally developed software is subject to security review and testing processes intended to identify and address security risks before deployment. 

 

Monitoring and Incident Response 

Constant Contact maintains security monitoring capabilities and incident response procedures designed to detect, investigate, and respond to potential security events. Incident response processes are periodically reviewed and tested to support ongoing readiness.

 

Personnel Security and Security Awareness 

Personnel with access to company systems and information are subject to applicable onboarding requirements and receive security awareness training designed to promote the protection of customer and company information.

 

Third-Party Risk Management

When Constant Contact engages third parties to support business operations or process information on our behalf, those providers are expected to implement appropriate safeguards and are subject to security and confidentiality requirements consistent with the services they provide.

 

Independent Assessment 

Constant Contact's information security program is supported by ongoing risk management activities, security monitoring, employee training, secure development practices, and independent assessments designed to evaluate the effectiveness of security controls and support compliance with applicable industry standards and regulatory requirements.

 

Questions 

You can reach out with any questions you have here.