Trust & Security

Your security is built in, not bolted on

Every form, login, and payment on this site is protected by the same standards we coach our clients to hold. Here is exactly how we keep your information safe.

256-bit TLS encryption PCI-DSS compliant payments SOC 2 infrastructure

When you share your email, book a call, buy the book, or register for the conference, you are trusting us with your data. We take that seriously. This page explains the safeguards we have in place, the partners we rely on, and the simple steps you can take to stay secure.

How we protect you

Layers of protection on every page

Security is not one feature. It is a stack of defenses working together.

Encryption in transit

The entire site runs over HTTPS with modern TLS. Data moving between your browser and our servers is encrypted end to end, so it cannot be read if intercepted.

PCI-compliant payments

Card payments are processed by PCI-DSS Level 1 certified providers (Stripe and HubSpot Payments). We never see or store your full card number on our systems.

Hardened infrastructure

Our site, CRM, and forms run on HubSpot and enterprise cloud platforms that maintain SOC 2 Type II and ISO 27001 certifications, with 24/7 monitoring and physical data-center security.

Least-privilege access

Internal access to customer data is restricted by role, protected by single sign-on and multi-factor authentication, and reviewed regularly. People only see what their job requires.

Continuous monitoring

Automated tools watch for vulnerabilities, suspicious logins, and unusual activity. We patch promptly and test our defenses so issues are caught early.

Data minimization

We collect only what we need to serve you, keep it only as long as we need it, and let you request access or deletion at any time under our Privacy Policy.

Shopping and payment security

When you buy the book, register for Endless Customers Live, or pay for a program, your payment details are handled entirely by our certified payment processors. The transaction happens inside their secure, encrypted environment.

  • Your card number, expiry, and security code are sent directly to the payment processor over an encrypted connection.
  • We receive only a confirmation and the last four digits for your receipt. Your full card number never touches our servers.
  • All processors we use are certified to PCI-DSS, the payment-card industry's highest security standard.
  • You will always see https:// and a padlock in your browser before any payment field.

Tip: We will never ask for your card number, password, or security code by email, text, or phone. If you receive a message claiming to be from us asking for those, treat it as a scam and report it.

Protecting your account and personal data

If you create an account for the Academy or a members area, we protect it with secure password storage (hashed, never stored in plain text), encrypted sessions, and optional multi-factor authentication. Our team follows strict internal policies for how customer data is accessed, stored, and retired.

For the full picture of what we collect and your rights, including access, correction, and deletion, see our Privacy Policy and Editorial Policy & Ethics.

How you can stay secure

Security is a partnership. A few simple habits make a big difference:

  • Use a strong, unique password and a password manager.
  • Turn on multi-factor authentication wherever it is offered.
  • Check that links point to endlesscustomers.com or impactplus.com before clicking.
  • Be skeptical of urgent requests for money or credentials, even if they look familiar.

Report a security concern

We welcome responsible disclosure. If you believe you have found a vulnerability or have a security question, email security@impactplus.com and our team will respond promptly. Please do not test or exploit any issue against live accounts or other users' data.

Questions about how we handle your data?

We are happy to walk you through it. Reach out and a real person will help.

Contact us