Contactually can only be accessed using 256-bit SSL 3.0 / TLS 1.0, provided by COMODO.
Our API can only be access using secure user credentials or a user-revokable token.
All data is backed up in realtime, minimizing data loss.
Contactually’s core system is regularly updated with the latest security fixes, and using the best practices.
External usernames and passwords are hashed or encrypted using 256 bit AES ciphers.
Contactually does not store the content or attachments of messages. On request, we grab directly from the server.
Operating system access is limited to hosting staff and requires username and key authentication.
Our managed servers are kept current with all vulnerabilities and hosting configurations.
If you delete your Contactually account, all data is permanently removed from our servers.
Your information is yours. Your contacts are never shared with anyone.
Details you provide for contacts are not shared with others who may have the same contact.
All information can be exported via CSV, secure API, and integration partners.
Contactually support staff may only access information for support reasons, with permission.
Individual team members decide which contacts get shared with the team.
Team members can opt-in/out of sharing messages with their team.
Administrators are able to set default permissions for sharing.
Administrators cannot forcibly share or see sensitive messages.
Securely hosted by Amazon
All user data is stored in Amazon Web Services’ data centers.
ISO 27001 certified.
Validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
Annual SOC 1 audits
24/7/365 monitoring, strict access controls, and on-site security.
If you’re an independent security expert or researcher and believe you’ve discovered a security-related issue on our platform, we appreciate your help in disclosing the issue to us responsibly.