Security and privacy
Securing our customers’ data is core to impact.com’s DNA and has always remained our top priority. Discover our advanced security and privacy measures to safeguard our users and data.
SOC 1 Type II
impact.com prioritizes data security with SOC 1 Type II certification. This independent verification assures clients of the effectiveness of our internal controls over financial reporting.
ISO 27001:2022
Your data is secure at impact.com. We maintain ISO/IEC 27001:2022 certification, an internationally recognized standard for information security management. This means we have robust security practices in place to protect your data when you use our SaaS subscriptions.
PCI-DSS Level 4
impact.com is a PCI-DSS Level 4 Merchant and maintains its certifications through annual SAQ completion. This standard is designed to protect payment card information from unauthorized access, use, or disclosure.
Our security features
Recurring penetration testing
We prioritize user data security. We leverage independent, third-party experts to conduct comprehensive penetration testing of our web applications, mobile apps (Android/iOS), and underlying APIs. This rigorous testing process identifies and addresses potential vulnerabilities before they can be exploited.
Data encryption at rest
We safeguard your information with industry-leading encryption. All databases and backups are encrypted at rest using AES-256, the strongest block-level storage encryption standard available. This advanced technology ensures your data remains protected even in the event of a security breach.
Secure development process
Adhering to a secure development process is crucial for safeguarding digital assets. Our commitment to robust security includes a meticulous focus on addressing the OWASP Top 10 security risks. This ensures the highest standards of security in our software.
Audit trail and logging
For enhanced security, impact.com maintains a central logging platform that meticulously tracks all user access and actions within the system. These detailed logs are securely stored for a minimum of one year, allowing us to thoroughly investigate any potential security incidents and ensure ongoing accountability.
Secure infrastructure
At impact.com, your data benefits from the utmost protection. We leverage top-tier cloud service providers known for their rigorous security practices. All data centers storing impact.com’s data hold certifications like SOC 1, SOC 2, SOC 3, and ISO 27001. These certifications demonstrate their commitment to comprehensive security controls, data confidentiality, and ongoing system integrity.
Monitoring & alerting
At impact.com, we take a proactive approach to security. Our sophisticated monitoring and alerting systems are constantly on guard, scanning our network for anomalies and suspicious activity. This vigilance allows us to identify and address potential threats before they can escalate, ensuring the continued protection of your data.
Continuous backups
impact.com prioritizes data redundancy for complete peace of mind. We employ a comprehensive backup strategy, including continuous backups for ongoing data capture and weekly full backups. This robust system allows us to restore your data to any point within the past year, minimizing downtime and ensuring business continuity in the event of any unforeseen circumstances.
Data encrypted in transit
We prioritize the security of your information during transit. We leverage industry-standard HTTPS with TLS 1.2 or higher encryption to safeguard all data transmissions between your device and our web application. This robust encryption technology ensures that your sensitive data remains protected from unauthorized access.
Data segregation & security
Ironclad Data Segregation: We prioritize the strongest data security practices. We implement strict coding standards and rigorous code reviews to ensure customer data is logically separated within our system. Additionally, each customer record has a unique identifier, further enhancing data security and preventing any potential mix-ups.
Access management & controls
Strict Access Controls for Enhanced Security: At impact.com, we take your data privacy seriously. We adhere to the ‘principle of least privilege,’ ensuring that access to customer data is limited to authorized employees who require it for their specific job duties. Additionally, all system access is meticulously logged, providing an extra layer of accountability and security.
Thorough system management
At impact.com, we prioritize a smooth user experience. We have comprehensive change management controls in place, ensuring all system changes that directly impact our customers undergo rigorous planning and clear communication. This proactive approach keeps you informed and minimizes disruption to your workflow.
Mandatory training
Empowering a security-conscious culture: At impact.com, we prioritize data security. All new employees undergo comprehensive security awareness training within their first month, equipping them with the knowledge to protect user data.
Employee background checks
Building trust from day one: At impact.com, we prioritize user trust and security. All new employees undergo a thorough background check before their first day, ensuring a reliable and trustworthy team environment for protecting your data.
Responsible disclosure
At impact.com, we take security very seriously. We believe in working together to maintain a secure environment for everyone. If you believe you’ve identified a potential vulnerability in our systems, we encourage you to disclose it responsibly through our dedicated program.
By visiting our responsible disclosure page, you can report the issue directly to our security team.
Need additional information on security or privacy?
Our security team is always happy to answer any questions you may have about impact.com’s security measures. Whether you have a general enquiry or a specific concern, we’re here to help!