Security FAQ

How do you protect user data?

All client and consumer data is encrypted during transit using strong encryption mechanisms. All PII is redacted within a tightly controlled data processing environment with limited access. The redaction process removes any PII that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual.


Do you conduct security audits?

Yes, our parent company, Return Path, conducts periodic reviews of our security policies and practices through independent third-party auditing services, including ISO certifications and Statements on Standards for Attestation Engagements No. 16 (SSAE 16) Reporting on Controls at a Service Organization (SOC 2) Audits, as well as internal auditing services and other assessments deemed appropriate. We also audit our systems and software weekly to ensure their security.


What is the EU-US Privacy Shield Framework?

Return Path is very proud to be a certified member of the EU-US Privacy Shield program. The EU-US Privacy Shield Framework is the successor to the previously invalidated EU-US Safe Harbor program. Privacy Shield was designed by the U.S. Department of Commerce in conjunction with the European Commission to provide companies in both regions a way to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

Membership in this program is yet another demonstration of our commitment to protecting data and adhering to the highest standards of PII protection.


How does Context.IO store data?

Context.IO stores data only when absolutely necessary. We follow industry-standard best practices when handling any kind of sensitive information, including SSL and strong encryption.

We are also audited by third parties such as TRUSTe to verify that all data is absolutely safe. Our parent company, Return Path, has a Chief Privacy Officer, who is focused on making sure that everyone’s data is secure.

While we prefer that email providers offer OAuth, we’re completely confident that your users’ credentials are safe with us if we need their name and password to connect.


How does Context.IO use data?

Email accounts connected through Context.IO are included in the Return Path Panel, an anonymized and aggregated report about commercial email campaigns these accounts receive.

When we say “anonymized and aggregated”, we mean that if you take any random record from that report, it will be impossible for you to trace it back to a single origin email account, let alone know who owns that email account.

These anonymized and aggregated reports are used to power some of Return Path’s products to improve the email ecosystem, such as spam prevention and email deliverability tools, among others.


Does Context.IO have a proven track record for security?

Yes! We’ve been helping developers build applications using email data for over 5 years, and have safely and securely connected over a million email accounts. We're always happy to talk to you about ways we can work together to ensure the utmost security.


What other measures do you offer developers to keep data secure?

We offer a couple of options for developers to protect user data. These are:

Two-Factor Authentication: you can enable two-factor authentication for our developer console (console.context.io) by clicking on Settings > Account Preferences.

Whitelist IP address(es): if requested, we can whitelist your IP address(es) and reject any calls made to Context.IO with your key that do not match the IP address(es) we have on record. This helps to further protect you if someone gets hold of your API key and secret.