Putting security first

We know that as a customer, you're entrusting us with sensitive data and we take this responsibility very seriously. That's why security and privacy are top priorities and we're committed to securing your organization's data, eliminating vulnerabilities, and ensuring continuity of access.

Security & privacy frameworks

Actively maintains compliance with global data protection and security frameworks.

  • SOC2 Type II
    Actively's SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually. Please contact us to request a copy of our SOC2 report.

  • General Data Protection Regulation (GDPR)
    We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

  • California Consumer Privacy Act (CCPA)
    We ensure policies, processes, and controls comply with CCPA requirements.

Securing your sensitive data

Actively is built from the ground up to safeguard your data.

  • Secure infrastructure provider
    We host all of our data in physically secure Google Cloud facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2, ISO 27001 and HITRUST compliant.

  • Data encryption in transit & at rest
    All data sent to or from Actively is encrypted using TLS, and all customer data is encrypted using AES-256 and stored in Google BigQuery. We use secure subprocessors behind-the-scenes (Fivetran and Census) to connect to your Salesforce and other sales software tools from which we read or write data. Read more about their respective encryption policies: BigQueryFivetranCensus.

  • Data redundancy and resiliency
    Actively's infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration, the user-facing application tier scales to meet demand, and offline pipelines run in containerized virtual machines.

  • Server security and monitoring
    All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to our infrastructure are tracked, and security events are logged appropriately.

Want more info?

Our customers include some of the fastest-growing and largest companies out there (including publicly-traded companies) and we take utmost care to safeguard their data. We're happy to send you more details as needed or answer any questions; just email us at security@actively.ai.

If you're a security researcher, read our vulnerability disclosure policy here.