How does ContactMonkey encrypt and store data?
ContactMonkey encrypts all data at rest and in-transit. To power integrations, ContactMonkey uses Merge as a sub-processor. All data is stored in AWS via Merge's infrastructure and encrypted using the AES-256 encryption algorithm. Data is not allowed to be stored on external media, and production data is never moved out of production environments. Additionally, employees are only granted permission to view customer data upon customer request.
EU data is only stored in the Stockholm AWS region and APAC data is only stored in the Singapore AWS region.
What does ContactMonkey do to ensure customer credentials are secure?
Customer credentials are encrypted at-rest and in-transit via Merge's infrastructure. Two separate layers of encryption are used, one at the storage layer and another at the application layer, to ensure that credentials are secured.
Does ContactMonkey offer an on-prem option?
ContactMonkey does not currently offer on-prem.
Does ContactMonkey store my data?
By default, yes. ContactMonkey stores both end-user data and end-user credentials through Merge. This allows us to provide fast syncs, normalized data, and enhanced product features.
Where is it stored?
Data is stored across three default, multi-tenant data centers: AWS Virginia, AWS Stockholm, and AWS Singapore. All three are available at no additional cost and can be used in parallel if you have a global customer base.
Data centers are not available in Canada, customers interested in using this feature in Canada will have their data stored in AWS Virginia.
How long is it stored?
Customer data and credentials are stored indefinitely, until actively deleted. Linked accounts can be deleted from the Settings → Integrations page in ContactMonkey.
Why does ContactMonkey store data?
There are several reasons ContactMonkey stores data through Merge rather than operating as a passthrough-only platform:
- Efficiency: Storing data allows incremental database updates rather than performing a full refresh on each sync. This means faster, more frequent resyncs while still complying with third-party rate limits.
- Product Features: Stored data enables features like webhooks, endpoint filters, and partial syncing.
- De-Risking: Having an internal database makes ContactMonkey customers less vulnerable to third-party outages and API changes.
- Normalization: Every third-party API is unique. By storing customer data, ContactMonkey abstracts away those differences so you don't need to worry about rate limits, API formats, or changing architectures.
What controls are in place around accessing and moving this data?
Security is at the core of how ContactMonkey handles your data. We have invested extensively in our security credentials and infrastructure, including our use of Merge as a vetted, SOC 2-compliant sub-processor. Reach out to our support team at support@contactmonkey.com if you have any questions about our security practices.