Who owns the TrustedForm service?
TrustedForm is a service provided by ActiveProspect, Inc.. ActiveProspect is a web-based software company based in Austin, Texas that provides applications to companies that buy or sell Internet leads. The company has been in operation since 2004.
- the URL of the page where the lead was collected
- IP address of the user submitting the data
- Browser and OS used by the consumer
- date and timestamp of when the user landed on the URL where the script is implemented
Does the TrustedForm script secretly collect information about traffic sources?
No, we are explicit about all the information that is collected by the script. There is a lot of confusion about the collection of traffic source data because the first version of TrustedForm that was released in June 2010 collected referer URLs. We received a lot of push back from vendors about this. We agreed with the publisher feedback so with the next version of TrustedForm we stopped collecting referer URLs. We also started truncating the site URLs to hide and query string data that might reveal traffic sources to a lead buyer. In addition, we made all of the data collected by the script publicly available on the certificate to anyone that handles the lead data.
Having a 3rd party script on my site makes me really nervous. How do I know you aren’t up to something bad?
ActiveProspect is an independent technology provider that has been in business since 2004. A variety of Fortune 500 corporations trust us to process and store their data.
We designed the system so that we are completely transparent about the data that is being collected. The data collected is available in the Certificate. The certificate is available only to those that handle the lead data.
We’ve gone to great lengths to make sure publishers are comfortable with the service. In fact we completely rebuilt the application in 2011 for this reason. We hide the query string of all page URLs just in case they contain proprietary information such as search keywords. We provide legal terms to publishers outlining exactly what the script does and doesn’t do.
You can test it yourself. After you implement the script on your page, you can capture the Certificates and not forward to your lead buyers. This will give you the opportunity to review what is being collected before making the decision that you want to pass the Certificates to your buyers. Furthermore, anyone can signup for a paid account. You can try it out and see exactly what your lead buyers see.
What if I don’t want to reveal the source of my leads?
Certificates never reveal your traffic sources. However, if you also want to hide the website where the lead was collected, we offer a Masked Certificate feature. Masked Certificates don’t reveal the site URL, screenshot, or VideoReplay. Contact us if you are interested in this feature.
How do I protect fields with Sensitive Data Flagging?
TrustedForm allows you to flag any or all sensitive fields of consumer data. When this feature is used, we apply a cryptographic hash to the flagged fields making it infeasible for anyone, including us, to store, retrieve, reverse-engineer, or utilize the data that was volunteered by the End User in that flagged data field.
When a TrustedForm VideoReplay is viewed, the data in a tagged field will be seen only as a series of asterisks. In order for you to protect data and still have a recognizable certificate for compliance, you should reserve use of this feature only for sensitive data such as social security or account numbers. To protect data, flag the sensitive fields as follows:
An example field would look like:
<input type=“text” name=“ssn” data-tf-sensitive=“true” />
I can provide the information that the TrustedForm script collects, why can’t I just pass it instead of installing the script on my page?
TrustedForm is a neutral 3rd party lead certification service. TrustedForm gives lead buyers confidence that the information being passed is correct. So even if you are already passing this information, TrustedForm provides 3rd party verification that it is correct.
These types of services are common across all types of industries. For example, when you buy a diamond it typically comes with a certificate provided by the GIA (Gemological Institute of America) or AGS (American Gem Society). Financial statements are another example. Public companies must have their financial statements audited by 3rd parties, giving investors confidence to actively invest in the stock market. Similarly, TrustedForm will give lead buyers confidence in their leads.
I have a couple of advertisers asking me to implement TrustedForm, does the script vary from advertiser to advertiser?
The script is the same for everyone. It is generic script that generates a certificate that gets passed with the lead. Anyone with a TrustedForm account that receives a certificate can verify it's legitimacy using our HTTP API.
Yes. Our Certificate contains a copy of the HTML as seen by the consumer when the script is added to the page. That HTML is visible by anyone with access to the certificate. Even if you have a dynamic form, you'll be able to provide the advertiser with assurance that you are representing their offer correctly.
I have multiple offers on the same page, do I need to implement the script multiple times?
No. You can just implement the script once per page (no matter how many offers are on the page). If the consumer signs up for multiple offers you can pass the same certificate for every offer.
I sell shared leads, do I need to provide a different certificate for each lead buyer?
No, there should just be one certificate per lead. If you are selling the lead 3 times, you’ll pass the same certificate to 3 different buyers.
Are there any privacy issues?
What is in it for me?
No. The script was designed to be very fast, using the latest asynchronous server technology.