Security and Privacy

Security and Privacy are a critical part of the work that we do. It’s a process that we’re continually working to improve on and a thread that runs through everything that we do - from how we store member data to the tools we provide to customers.


Designed for Security
We use industry best practices for encryption, physical security, multi-factor authentication and segmentation of data. Security is a core part of our software design process, and one of the criteria we use during code review.

We automate everything. When security configuration is automated we can guarantee its correctness and repeatability. When infrastructure is automated, fewer people need access to sensitive data.

All infrastructure is built to be highly available and resilient. Our architecture is designed to eliminate single points of failure with ample excess capacity so your campaigns keep running no matter what.

We promptly notify customers of outages and security events through our status pages and proactively via email.


Physical Security
ChangeSprout, Inc. stores customer data using Amazon Web Services, in their US-East region in northern Virginia, USA. This facility limits and audits physical access, and provides fire suppression, climate control and uninterruptible power supplies.

Databases are always replicated in a N+1 configuration to provide immediate failover in case of instance hardware failure. A full snapshot of all data is taken nightly, encrypted and shipped to Amazon Glacier and retained for 6 months. A complete offline and offsite backup is stored on an encrypted external disk rotated monthly into a bank safe deposit box.

We use TLS/SSL encryption to protect data in transit across the internet, ensuring that our users have a secure connection from their browsers to our service. Remote access for systems administration is provided over encrypted VPN and encrypted SSH connections. Where possible data is encrypted at rest, and backups are always encrypted before they are stored.

Access & Authorization
ChangeSprout staff use multi-factor authentication, in addition to passwords, in order to access administrative interfaces of the ControlShift platform. Multi-factor authentication is also available to organization staff, though it is dependent upon the organization to ensure its use. Access to systems is limited to ChangeSprout staff who require access.

Member Data
While member data is collected using the platform, ChangeSprout Inc. does not own the data, nor do we process it except as directed by the Customer or as required for the operation of the platform. We treat member data as confidential information and take precautions to prevent the unauthorized disclosure, misuse, or loss of data. In addition to the other measures outlined above, we allow users to access and update their personal information to ensure its accuracy.

Onward Transfer
ControlShift only transfers member data to third parties when requested by the Customer or when required for the reliable operation of the platform. We limit the number of third parties we use to process member data and ensure that all third parties adhere to adequate data protection policies.

The third parties we currently send platform data to are: Amazon Web Services, Mailgun, Akismet, and Sendgrid. At the customer’s explicit request we may also send information to the customer’s chosen CRM and / or Segment, a service that provides data analytics. CRM and Segment integrations are optional and it is the responsibility of the customer to ensure that these services adhere to their country’s data protection regulations.

Emails sent from the ControlShift platform automatically include links to unsubscribe from communications. By default, this allows users to unsubscribe from communications about a specific campaign. However, for certain CRMs, the ControlShift platform also supports global unsubscribes – allowing the user to unsubscribe from all of the organization’s communications at once. Admin tools also allow Customer Staff to unsubscribe users manually.