Follow

Publisher FAQ

 

Who owns the TrustedForm service?

TrustedForm is a service provided by ActiveProspect, Inc.. ActiveProspect is a web-based software company based in Austin, Texas that provides applications to companies that buy or sell Internet leads. The company has been in operation since 2004.

What information does the TrustedForm JavaScript make available to lead buyers?

The TrustedForm JavaScript is placed on your offer form. The script issues a Certificate of Authenticity that gets passed with the lead. The Certificate provides the following pieces of information:

  1. the URL of the page where the lead was collected
  2. IP address of the user submitting the data
  3. Browser and OS used by the consumer
  4. date and timestamp of when the user landed on the URL where the script is implemented
  5. a snapshot of the HTML, images, CSS, javascript and other page assets as they appeared to the consumer

Does the TrustedForm script secretly collect information about traffic sources?

No, we are explicit about all the information that is collected by the script. There is a lot of confusion about the collection of traffic source data because the first version of TrustedForm that was released in June 2010 collected referer URLs. We received a lot of push back from vendors about this. We agreed with the publisher feedback so with the next version of TrustedForm we stopped collecting referer URLs. We also started truncating the site URLs to hide and query string data that might reveal traffic sources to a lead buyer. In addition, we made all of the data collected by the script publicly available on the certificate to anyone that handles the lead data.

Having a 3rd party script on my site makes me really nervous. How do I know you aren’t up to something bad?

ActiveProspect is an independent technology provider that has been in business since 2004. A variety of Fortune 500 corporations trust us to process and store their data.

We designed the system so that we are completely transparent about the data that is being collected. The data collected is available in the Certificate. The certificate is available only to those that handle the lead data.

We’ve gone to great lengths to make sure publishers are comfortable with the service. In fact we completely rebuilt the application in 2011 for this reason. We hide the query string of all page URLs just in case they contain proprietary information such as search keywords. We provide legal terms to publishers outlining exactly what the script does and doesn’t do.

You can test it yourself. After you implement the script on your page, you can capture the Certificates and not forward to your lead buyers. This will give you the opportunity to review what is being collected before making the decision that you want to pass the Certificates to your buyers. Furthermore, anyone can signup for a paid account. You can try it out and see exactly what your lead buyers see.

What if I don’t want to reveal the source of my leads?

Certificates never reveal your traffic sources. However, if you also want to hide the website where the lead was collected, we offer a Masked Certificate feature. Masked Certificates don’t reveal the site URL, screenshot, or VideoReplay. Contact us if you are interested in this feature.

How do I protect fields with Sensitive Data Flagging?

TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.

When a TrustedForm VideoReplay is viewed, the data in a tagged field will be seen only as a series of asterisks. In order for you to protect data and still have a recognizable certificate for compliance, you should reserve use of this feature only for sensitive data such as social security or account numbers. To protect data, flag the sensitive fields as follows:

data-tf-sensitive=“true”

An example field would look like:

<input type=“text” name=“ssn” data-tf-sensitive=“true” />

I can provide the information that the TrustedForm script collects, why can’t I just pass it instead of installing the script on my page?

TrustedForm is a neutral 3rd party lead certification service. TrustedForm gives lead buyers confidence that the information being passed is correct. So even if you are already passing this information, TrustedForm provides 3rd party verification that it is correct.

These types of services are common across all types of industries. For example, when you buy a diamond it typically comes with a certificate provided by the GIA (Gemological Institute of America) or AGS (American Gem Society). Financial statements are another example. Public companies must have their financial statements audited by 3rd parties, giving investors confidence to actively invest in the stock market. Similarly, TrustedForm will give lead buyers confidence in their leads.

I have a couple of advertisers asking me to implement TrustedForm, does the script vary from advertiser to advertiser?

The script is the same for everyone. It is generic script that generates a certificate that gets passed with the lead. Anyone with a TrustedForm account that receives a certificate can verify it's legitimacy using our HTTP API.

I use dynamic forms so the page URL doesn’t properly represent what the consumer sees. Should I still implement the Javascript?

Yes. Our Certificate contains a copy of the HTML as seen by the consumer when the script is added to the page. That HTML is visible by anyone with access to the certificate. Even if you have a dynamic form, you'll be able to provide the advertiser with assurance that you are representing their offer correctly.

I have multiple offers on the same page, do I need to implement the script multiple times?

No. You can just implement the script once per page (no matter how many offers are on the page). If the consumer signs up for multiple offers you can pass the same certificate for every offer.

I sell shared leads, do I need to provide a different certificate for each lead buyer?

No, there should just be one certificate per lead. If you are selling the lead 3 times, you’ll pass the same certificate to 3 different buyers.

Are there any privacy issues?

The data that is collected is only made available to the Advertiser whose form is being displayed. As such, this data is governed by the Advertiser’s privacy policy that is displayed on the form.

What is in it for me?

By participating in this program you are showing your advertisers that you are a trusted partner and support transparency with regard to the origin of your leads. This will give new advertisers confidence in trying your leads and may even allow you to charge more per lead. Best of all, it's free for you to implement the JavaScript and provide Certified Leads.

Will the TrustedForm JavaScript slow down my site?

No. The script was designed to be very fast, using the latest asynchronous server technology.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

You must be logged in to comment.