Contacts+ Security Policy

Last Updated: July 24, 2025

At Contacts Plus LLC (“we,” “us,” “our”), located at 3366 S. Geyer Road, Suite 100, Saint Louis, MO 63127, the security of your Personal Information, End User Contact Data, and Completed Contact Data (as defined in our Privacy Policy and Terms of Use) is a top priority. This Security Policy outlines the measures we take to protect data in our Services, including our website contactsplus.com, mobile application, APIs, and integrations (collectively, the “Services”). It also provides guidance for users and security researchers. For details on data collection and use, see our Privacy Policy and Privacy Notice for Data Subjects.

Our Commitment to Security

We implement industry-standard technical and organizational measures to safeguard Personal Information, End User Contact Data, and Completed Contact Data against unauthorized access, use, disclosure, alteration, or loss, in compliance with GDPR Article 32 and CCPA Section 1798.81.5. If you believe your account has been compromised, contact us immediately at support@contactsplus.com with detailed information.

Security Measures

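If you are a security researcher, please let us know about any security issue and we’ll make every effort to correct it quickly. However, you must follow our responsible disclosure policy, described under “Information for Security Researchers.” We protect data in our Services with the following measures: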

  • Encryption: Data in transit is secured using Transport Layer Security (TLS) with industry-standard configurations. Data at rest is encrypted using 256-bit Advanced Encryption Standard (AES).
  • Access Controls: Role-based access restricts data access to authorized personnel only. Employees undergo regular security and privacy training to ensure compliance with confidentiality standards.
  • Authentication: Accounts require strong passwords. We encourage enabling multi-factor authentication (MFA) where available to enhance account security.
  • Firewalls and Network Security: We use firewalls and secure server environments to protect against unauthorized access.
  • Secure Infrastructure: Our servers are hosted in Amazon Web Services (AWS) data centers, which comply with rigorous security standards (see https://aws.amazon.com/compliance/).
  • Third-Party Vetting: Service providers (e.g., Stripe, Google Analytics) are bound by data processing agreements compliant with GDPR Article 28 and CCPA, ensuring secure data handling.
  • International Transfers: Data transfers outside the EU/EEA are protected by the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs), per GDPR Article 46, as detailed in our Privacy Policy (Section 8.3).
  • Audit Logs: We maintain logs of security events to support incident investigation and compliance.

Data Retention and Deletion

We retain Personal Information, End User Contact Data, and Completed Contact Data only as long as necessary to provide the Services, improve our database, or meet legal obligations (e.g., tax, auditing), typically up to 5 years after last update or use, per our Privacy Policy (Section 5). Historical contact changes are retained for active users to support recovery, but deleted data is removed from our database, with residual copies in secure backups anonymized and retained for up to 12 months. You can request deletion via https://www.contactsplus.com/sar or support@contactsplus.com.

Data Breach Response

In the event of a personal data breach, we follow a structured incident response plan to detect, contain, and mitigate the issue. We notify affected users and relevant authorities (e.g., EU/EEA supervisory authorities) within 72 hours (GDPR Article 33) or promptly (CCPA Section 1798.82), providing details and mitigation steps. Contact support@contactsplus.com for breach-related inquiries.

Security Testing and Vulnerability Management

Our security team conducts regular vulnerability assessments, penetration testing, and software updates to address potential risks. We partner with the security research community and third-party platforms like OpenBugBounty to identify and resolve vulnerabilities. Security patches are applied promptly to ensure system integrity.

Protecting Children’s Data

We do not knowingly collect Personal Information from users under 13, per COPPA (15 U.S.C. § 6502) and our Privacy Policy (Section 7). For EU/EEA users aged 13–16, we require verifiable parental consent (GDPR Article 8). If you believe a minor’s data has been collected, contact support@contactsplus.com to request deletion.

User Responsibilities

To enhance your account security, we recommend:

  • Strong Passwords: Use a unique, complex password and update it regularly.
  • Multi-Factor Authentication: Enable MFA where available.
  • Secure Practices: Do not share your password or use it on other platforms. Be cautious of phishing attempts.
  • Prompt Reporting: Notify us immediately at support@contactsplus.com if you suspect unauthorized access.

No method of transmission or storage is 100% secure, and while we strive to protect your data, we cannot guarantee absolute security.

Information for Security Researchers

We welcome collaboration with security researchers to maintain robust security. If you discover a vulnerability in our Services, please follow our responsible disclosure policy:

  • Prompt Disclosure: Report the vulnerability with full details to security@contactsplus.com.
  • Good Faith: Do not degrade Service performance (e.g., denial of service) or access/modify user data without permission. Use a test account to demonstrate issues, if possible.
  • Confidentiality: Allow us reasonable time to resolve the issue before public disclosure to protect our users.
  • Scope: Limit testing to Contacts+ properties (e.g., contactsplus.com, App, APIs). Report third-party issues (e.g., analytics providers) to those providers directly.
  • Bounty Program: We offer bounties at our discretion, based on the vulnerability’s scope and severity, after full disclosure and evaluation. Contact security@contactsplus.com for eligibility guidelines or to submit a report via OpenBugBounty.

We will not pursue legal action against researchers who comply with this policy and act in good faith.

Updates to This Security Policy

We may update this Security Policy to reflect changes in our practices or legal requirements, per our Terms of Use (Section 13.1). We will give notice of material changes 30 days in advance via email or a prominent notice on our Site. EU/EEA users must consent to changes affecting Personal Information processing (GDPR Article 7). Continued use after notice indicates acceptance.

Contact Us

For security concerns, to report a vulnerability, or to exercise your data rights (e.g., deletion), contact:

Email: support@contactsplus.com (general inquiries) or security@contactsplus.com (vulnerability reports)

Data Protection Officer: dpo@contactsplus.com (GDPR inquiries)

Address: Contacts Plus LLC, 3366 S. Geyer Road, Suite 100, Saint Louis, MO 63127

Toll-Free: 800-430-4095 (California residents)

We respond within one month (GDPR Article 12(3)) or 45 days (CCPA Section 1798.130). Additional details are available at https://www.contactsplus.com/privacy-notice.