What Is Attentive.ly?


 What is Attentive.ly?

 How do you match email addresses with social profiles?

We use a third-party contact enhancement service that offers a large commercial database of user data against which the contacts’ email addresses are matched. Contacts’ email addresses are transferred between Attentive.ly and the matching service encrypted via industry-standard SSL. The data in the commercial database includes public social network profiles (not profiles set as “private”) which are associated with an individual through a variety of means, including links between those profiles provided by user-authorized apps.

Features


 What’s on an Attentive.ly Dashboard?

Check out our features here.

 What CRMs does Attentive.ly connect to? Can it connect to a custom CRM?

Currently, Attentive.ly connects with ActionKit, BSD, Mailchimp, Salsa, Convio, and any CRM that accepts imports in CSV format.

Attentive.ly is constantly adding new CRM integrations. On our shortlist for the fall is Salesforce.

Pricing


 How much does Attentive.ly cost?

Here is our pricing. Your yearly fee is based on the number of contacts in your existing email list.

Privacy


 How is my customer data protected?

Attentive.ly is PCI compliant and certified by Trust Guard. This certification verifies that Attentive.ly passes a thorough quarterly scan of more than 45,400 known vulnerabilities, in accordance with PCI Security Standards.

Email addresses are uploaded over a secure connection (HTTPS) and are pulled onto a DMZ behind a strict firewall. There is no direct Web access to this email list. An export can be requested by a logged-in client. This export request is reviewed by Attentive.ly and, if approved, a backend process (behind the firewall) creates the export, then encrypts and zips it to be sent to the email address registered with the client account.

Attentive.ly Information Security

The Attentive.ly System consists of:
a) a Customer-Facing System (CFS), which is an Apache Web Server providing external access via HTTP.
b) a Backend Cluster, consisting of multiple Hadoop/HBase hosts. The Backend Cluster hosts run the database, data feeds from external information sources, and Map/Reduce data aggregation jobs.

Both the CFS and the Backend Cluster are implemented on Virtual Private Cloud hosts provided by Amazon Web Services (AWS). AWS holds several of the most stringent levels of security certification, having successfully completed multiple SAS70 Type II audits, obtained ISO 27001 certification, and having been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS also has been authorized by the US General Services Administration to operate at the FISMA Moderate level, among other federal government validations.

The CFS runs in a DMZ behind a firewall which allows access via only HTTP, HTTPS, and SSH.

No other ports are open, and the CFS system runs no other services which are accessible from the public Internet. In particular, there is no FTP access to the CFS. Only two individuals are able to log into the CFS; namely, the Good+Geek CTO and System Administrator. Access is only via encrypted key SSH. Each person accessing the system has an individual account and his/her own SSH key. Access must be from designated public IP addresses. Password-based SSH access is not allowed. Root access to the system is via the “sudo” command. It is not possible to log directly into the root account. All usage of the “sudo” command is logged.

The CFS system holds no customer data other than that required to authenticate web user access. All other customer data is held on the Backend Cluster and is accessed by the CFS over a private network through a second firewall. The hosts in the Backend Cluster do not permit direct access from the Internet. SSH access to the Backend Cluster hosts is the same as for the CFS; that is, it is limited to the same two Good+Geek personnel, using key-based SSH from designated IP addresses. As with the CFS, all root access is via logged “sudo” commands. The root account cannot be directly accessed.
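The SSH rules stated above for the CFS and Backend Cluster hosts (no password login, no direct root login, two individual accounts, designated source addresses) can be checked mechanically against a server configuration. The following is an added example, not Attentive.ly's own code; it assumes the hosts run OpenSSH and express the address restriction through `AllowUsers`, and the account names, documentation-range addresses and sample configurations are constructed.

```python
# Added example: audit the global section of an sshd_config against the
# SSH access rules stated above. Account names and addresses are constructed.
# OpenSSH behaviour when a keyword is absent from the file:
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def parse_global(text):
    """Parse keywords that appear before the first Match block."""
    settings, allow_users, seen = dict(DEFAULTS), [], set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key == "allowusers":
            allow_users.extend(args)      # AllowUsers lines accumulate
        elif key not in seen and args:    # otherwise the first value wins
            seen.add(key)
            settings[key] = args[0].lower()
    return settings, allow_users

def audit(text, max_accounts=2):
    """Return deviations from the stated policy (empty list = compliant)."""
    settings, allow_users = parse_global(text)
    findings = []
    if settings["passwordauthentication"] != "no":
        findings.append("password-based SSH login is enabled")
    if settings["permitrootlogin"] != "no":   # prohibit-password still allows root by key
        findings.append("direct root login is possible")
    if not allow_users:
        findings.append("no AllowUsers restriction")
    for entry in allow_users:
        host = entry.partition("@")[2]
        if not host or "*" in host or "?" in host:
            findings.append(f"{entry}: not pinned to a designated address")
    accounts = {e.partition("@")[0] for e in allow_users}
    if len(accounts) > max_accounts:
        findings.append(f"{len(accounts)} accounts allowed, policy says {max_accounts}")
    return findings

HARDENED = """PasswordAuthentication no
PermitRootLogin no
AllowUsers cto@203.0.113.10 sysadmin@198.51.100.7
"""
WEAK = """# PasswordAuthentication no
PermitRootLogin prohibit-password
AllowUsers cto sysadmin@198.51.100.*
"""
```

`audit(HARDENED)` returns an empty list, while `audit(WEAK)` reports the commented-out password setting falling back to the default, key-based root login, and two `AllowUsers` entries that are not tied to a single address.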

All access to both the CFS and the Backend Cluster hosts is logged. Security logs and Web Server logs from the CFS are retained for two years.

Thus, customer data is held on systems protected by two firewalls, to which there is no direct access from the Internet, and with tightly controlled and logged access by a minimum number of Good+Geek personnel.

We have a contract with Trust Guard to perform PCI compliance scans every month. We do not store credit cards on our system; in fact, that information goes straight to the PCI-compliant third party: Stripe.

User-data confidentiality

This is the paragraph from our Terms of Service that addresses the confidentiality of your users’ information:

Good + Geek and you shall not publish, disclose, or otherwise divulge Confidential Information to any third person, at any time during or after the term of this Service Agreement, without the other party’s prior express written consent. For purposes of this Service Agreement, “Confidential Information” shall mean non-public, confidential or proprietary information that is designated by either party as confidential. Subject to the next paragraph in this Section 7, the fact that an individual or entity is one of your supporters shall be deemed Confidential Information.

In non-legalese: We do not sell, rent, or otherwise give out any of your users’ confidential information, nor do we advertise to them or contact them ourselves. Our business model is a simple subscription — a monthly fee in exchange for insights on your users. A given user, say Jane Smith, may be in our database with an associated Twitter and Facebook profile, but nothing you tell us about her (e.g. that she’s a member of your org) would ever be shown to another customer, sold, etc. This is the same way that voter files and other list-enhancements work.