Security & Compliance

At SMBcrm, we prioritize data security, system integrity, and service continuity. Our infrastructure is built on industry best practices and leading compliance frameworks.

Last updated: January 18, 2024

SOC 2 Type II

Independently audited security controls

ISO 27001

Information security management

GDPR Compliant

EU data protection standards

CCPA Compliant

California privacy standards

Security and Compliance Objectives

Our security program is built around four core pillars:

  • Customer Trust and Data Protection: Safeguarding your data is our highest priority
  • Service Availability and Continuity: Ensuring reliable access to our platform
  • Data Integrity: Maintaining accuracy and consistency of your information
  • Regulatory Compliance: Meeting GDPR, CCPA, and industry standards

Infrastructure Security

SMBcrm is hosted on cloud infrastructure provided by Google Cloud Platform and Amazon Web Services. The certifications and service-level figures listed below belong to the providers and cover the physical and infrastructure layers under the shared responsibility model; the controls for the SMBcrm application itself are covered by our own SOC 2 Type II report and ISO 27001 certification.

Google Cloud Platform

  • Service-level agreements of at least 99.5% monthly uptime for the services we use
  • ISO/IEC 27001 certified
  • SOC 2 Type II audited
  • ISO 22301 business continuity certified

Amazon Web Services

  • Service-level agreements of 99.95% to 100% monthly uptime, depending on the service
  • SOC 2 Type II audited
  • ISO/IEC 27001 certified
  • PCI DSS validated as a service provider; this covers the AWS infrastructure layer and does not by itself bring applications hosted on AWS into PCI DSS scope or compliance

Network and Perimeter Security

We employ multiple layers of firewalls and access control lists to protect our infrastructure. All network changes follow standardized change management processes with appropriate review and approval.

Configuration Management

Automated configuration management tools ensure consistent system baselines across our infrastructure. Our patch management program keeps all systems current with security updates.

Logging and Monitoring

Comprehensive logging captures security-relevant events across our infrastructure. Log storage is write-protected and access to it is restricted, so that records cannot be altered or deleted after the fact. Automated threat detection monitors the logs for suspicious activity 24/7.

Application Security

Our applications are protected by multiple layers of defense:

  • DDoS protection and mitigation
  • Web Application Firewall (WAF)
  • OWASP Top 10 vulnerability testing
  • Regular penetration testing by third parties
  • Secure software development lifecycle (SSDLC)

Customer Data Protection

Encryption in Transit

All data transmitted to and from SMBcrm is encrypted with TLS 1.2 or higher; older protocol versions are not accepted. HTTPS is enforced on all web endpoints and APIs.

Encryption at Rest

Customer data is encrypted at rest using AES-256. Encryption keys are held in a managed key management service and rotated on a regular schedule rather than stored alongside the data they protect.

Data Isolation

Customer data is logically separated per tenant, and every data access is scoped to the requesting customer's tenant, so that one customer cannot read or modify another customer's data.

Backup and Disaster Recovery

  • Daily automated backups with 7-day retention
  • Multi-zone data distribution for redundancy
  • Automatic failover protection
  • Regular disaster recovery testing
  • Recovery Point Objective (RPO): 24 hours
  • Recovery Time Objective (RTO): 4 hours

Identity and Access Control

SMBcrm implements robust access controls:

  • Role-Based Access Control (RBAC) with least privilege
  • Mandatory Multi-Factor Authentication (MFA) for all employees
  • Single Sign-On (SSO) support for enterprise customers
  • Semi-annual access reviews and recertification
  • Automated deprovisioning for terminated employees

Employee Security

  • Background checks for all employees
  • Mandatory security awareness training
  • Annual security training refreshers
  • Semi-annual access permission reviews
  • Clean desk and clear screen policies

Regulatory Compliance

GDPR (General Data Protection Regulation)

We process personal data of EU residents in accordance with GDPR requirements. This includes:

  • Data Processing Agreements (DPA) available upon request
  • Standard Contractual Clauses for international transfers
  • Support for data subject rights requests
  • Personal data breach notification procedures that support the GDPR 72-hour supervisory-authority deadline (Article 33)

CCPA (California Consumer Privacy Act)

We honor all CCPA rights for California residents, including:

  • Right to know what data is collected
  • Right to delete personal information
  • Right to opt-out of data sales (we do not sell data)
  • Right to non-discrimination

Incident Response

We maintain a documented incident response plan that includes:

  • 24/7 security incident monitoring
  • Defined escalation procedures
  • Customer notification within 72 hours for incidents affecting their data
  • Post-incident review and remediation

Vendor Management

All third-party vendors undergo security review before onboarding. We require vendors to maintain appropriate security certifications and conduct regular assessments of vendor security posture.

Contact Information

For security questions or to report a vulnerability:

For compliance documentation requests or Data Processing Agreements, please contact your account representative or email legal@smbcrm.com.

Trusted by 2,500+ Businesses

SOC 2 Type II Audited
AES-256 Encryption
99.9% Uptime