Context.IO Shutting Down: API service will end March 31, 2019 at 11:59pm CST. Please visit the blog post for more details.

Security FAQ

How do you protect user data?

All client and consumer data is encrypted during transit using TLS v1.2. At rest, all personal data is encrypted with AES 256. All PII is redacted within a tightly controlled data processing environment with limited access. The redaction process removes any PII that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual.

Do you conduct security audits?

Yes, Return Path conducts periodic reviews of our security policies and practices through independent third-party auditing services, including ISO certifications and Statements on Standards for Attestation Engagements No. 16 (SSAE 16) Reporting on Controls at a Service Organization (SOC 2) Audits, as well as internal auditing services and other assessments deemed appropriate. We perform quarterly application vulnerability assessments, monthly network vuln scans, and audit our external networks weekly.

What is the EU-US Privacy Shield Framework?

Return Path is very proud to be a certified member of the the EU-US Privacy Shield program. The EU-US Privacy Shield Framework is the successor of the previously invalidated EU-US SafeHarbor program. Privacy Shield was designed by the U.S. Department of Commerce in conjunction with the European Commission to provide companies in both regions a way to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

Membership in this program is yet another demonstration of our commitment to protecting data and adhering to the highest standards of PII protection.

How does Context.IO store data?

Context.IO only stores data when absolutely necessary (data minimization). We follow industry standard best practices when handling any kind of sensitive information, including SSL and strong encryption (TLS v1.2 and AES 256). Also, Return Path has a Chief Privacy Officer, who is focused on making sure that everyone’s data is secure.

How does Context.IO use data?

Email accounts connected through Context.IO are included in the Return Path Panel, an anonymized and aggregated report about commercial email campaigns these accounts receive.

When we say “anonymized and aggregated”, what we mean is if you take any random record from that report it will be impossible for you to trace it back to a single origin email account, let alone know who owns that email account.

These anonymized and aggregated reports are used to power some of Return Path’s products to improve the email ecosystem, such as spam prevention, and email deliverability tools, among others.

Does Context.IO have a proven track record for security?

Yes! We’ve been helping developers build applications using email data for over 6 years, and have safely and securely connected over a million email accounts. We're always happy to talk to you about ways we can work together to ensure the utmost security.

What other measures do you offer developers to keep data secure?

We offer a couple of options for developers to protect user data. These are:

Two-Factor Authentication: you can enable two-factor authentication for our developer console (, and clicking on Settings > Account Preferences.

Whitelist IP address(es): if requested, we can whitelist your IP address(es) and reject any calls made to Context.IO with your key that do not match the IP address we have on record. This helps to further protect you if someone gets a hold of your API key and secret.