Vulnerability Disclosure Program

At Constant Contact the safety, privacy, and security of the data our customers entrust to us is very important to us. We welcome the reporting of security vulnerabilities in our product and services and encourage researchers to reach out to us when they find issues. To assist that greater good, Constant Contact encourages security researchers, ethical hackers and our users to report security flaws that they may discover through our Security Vulnerability Responsible Disclosure Policy. If you follow this Policy in good faith, we will not initiate or support legal action against you. This document describes what to report and how to do it in a way that protects our customers, Constant Contact and the reporting individual from negative consequences. The public disclosure of security flaws on ConstantContact.com systems or products puts other users at risk. Therefore we ask that you give us a reasonable timeframe in which to mitigate or remediate the problem before releasing any details to the security community or the public at large. This timeframe may vary according to the complexity of the issue however it will usually not exceed 30 days.