SOC2 Type II
Actively's SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually. Please contact us to request a copy of our SOC2 report.

General Data Protection Regulation (GDPR)
We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

California Consumer Privacy Act (CCPA)
We ensure policies, processes, and controls comply with CCPA requirements.

Secure infrastructure provider
We host all of our data in physically secure Google Cloud facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2, ISO 27001 and HITRUST compliant.

Data encryption in transit & at rest
‍All data sent to or from Actively is encrypted using TLS, and all customer data is encrypted using AES-256 and stored in Google BigQuery. We use secure subprocessors behind-the-scenes (Fivetran and Census) to connect to your Salesforce and other sales software tools from which we read or write data. Read more about their respective encryption policies: BigQuery, Fivetran, Census.

Data redundancy and resiliency
Actively's infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration, the user-facing application tier scales to meet demand, and offline pipelines run in containerized virtual machines.

Server security and monitoring
All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to our infrastructure are tracked, and security events are logged appropriately.