
Security & Compliance

At SMBcrm, we are committed to protecting the privacy and security of our customers. Our platform is ISO 27001 certified and built on enterprise-grade infrastructure designed to keep your data safe.

Last updated: May 7, 2026

  • ISO 27001: Information security management certified
  • EU-U.S. DPF: Data Privacy Framework certified
  • GDPR Compliant: EU data protection standards
  • CCPA Compliant: California privacy standards

Introduction

At SMBcrm, we prioritize data security, system integrity, and service continuity for all our customers. Our mission is to create a secure environment that supports your business operations, allowing you to focus on growth without compromising safety. We have built our infrastructure and processes on industry best practices, ensuring high availability, strong data protection, and compliance with international standards. This document provides an overview of our security controls and the measures we take to maintain a secure, reliable, and compliant platform.

Security and Compliance Objectives

Our security framework focuses on:

  1. Customer Trust and Data Protection: Implementing security controls to protect the privacy and confidentiality of all data.
  2. Service Availability and Continuity: Ensuring minimal risk to service availability with disaster recovery planning.
  3. Data Integrity: Preventing unauthorized alterations to information.
  4. Regulatory Compliance: Meeting or exceeding industry standards such as GDPR and CCPA.

Security Controls

SMBcrm utilizes multiple layers of administrative, technical, and physical security controls to protect customer data. Below are the key components of our security framework:

Infrastructure Security

SMBcrm runs on enterprise-grade infrastructure designed for redundancy, monitoring, secure access control, and high availability. Our security posture is anchored by ISO 27001 certification, EU-U.S. Data Privacy Framework commitments, and operational controls built for a platform that supports more than 1 billion interactions.

Availability and Resilience

The platform is designed to support 99.9% uptime through redundant systems, monitored services, and recovery processes that reduce the risk of extended interruption.

Vendor and Access Controls

Infrastructure vendors and internal access are reviewed through security and compliance processes. Access to production systems is limited by business need, monitored, and periodically reviewed.

Network and Perimeter Security

SMBcrm enforces strict network controls across all layers of our infrastructure. Multiple layers of firewalls and network access control lists (ACLs) are in place to prevent unauthorized connections to our internal product infrastructure. Changes to network configurations are rigorously managed through a standardized change control process. Firewall rules are regularly reviewed to ensure that only necessary and authorized connections are allowed.

Configuration Management

Our infrastructure is managed using automated configuration tools, ensuring consistent baselines across all systems. Server configurations are tracked and updated through a controlled pipeline, with deviations quickly corrected. This process includes automated patch management and regular compliance checks to maintain system integrity.

Logging and Monitoring

We maintain comprehensive logging and monitoring of all critical systems and user actions. Logs are securely stored and indexed, and only a small subset of engineers has write access to these storage systems. Automated monitoring tools track error rates, abuse scenarios, and security events, triggering alerts for prompt investigation and resolution. In many cases, our systems are designed to respond automatically to suspicious activities, such as throttling traffic or isolating impacted systems.

Application Security

Our web application is protected by multi-layered defenses that include firewalls, intrusion detection systems, and DDoS protection. We regularly conduct vulnerability scans, dynamic application testing, and code reviews to identify and mitigate risks. Our application security practices adhere to guidelines from the Open Web Application Security Project (OWASP), helping protect against common threats like SQL injection, cross-site scripting (XSS), and other attacks.

Customer Data Protection

Encryption

All data is encrypted in transit using TLS 1.2 or higher. At rest, data is stored using AES-256 encryption, ensuring robust protection for sensitive information. Passwords are hashed following industry best practices and never stored in plain text.

Tenant Separation

Customer data is logically separated using unique identifiers, preventing unauthorized access between tenants. Access rules are continuously validated, ensuring strict isolation of data.

Backup and Disaster Recovery

We are committed to minimizing system downtime through resilient infrastructure design, monitored services, and recovery procedures for critical platform components.

Data Backup Strategy

Backups and recovery safeguards are managed through secure operational processes. Backup access is restricted, and monitoring helps identify issues that require rapid resolution.

Identity and Access Control

SMBcrm uses a robust role-based access control (RBAC) model, ensuring that employees and customers only have access to the resources they need. Multi-factor authentication (MFA) is enforced for all user accounts, and user roles can be customized for granular permissions.

Employee Access and Organizational Security

  • Background Checks: All employees undergo background checks prior to employment to verify their trustworthiness and suitability for handling sensitive information.
  • Security Training: Employees receive regular training on security best practices, including how to identify and prevent phishing attempts and other social engineering threats.
  • Role-Based Access: Access to sensitive systems is limited to those with a legitimate business need, and permissions are reviewed semi-annually.

Compliance

SMBcrm adheres to the strictest data privacy regulations, including GDPR and CCPA. Our compliance team works closely with our engineering and product teams to maintain ongoing adherence to these standards.

  • Privacy and Data Retention: Customer data is retained according to our data retention policy. Customers can request data deletions in compliance with applicable regulations.
  • Breach Response: In the event of a data breach, we have established procedures to promptly notify affected customers and mitigate the impact.

Contact Us

For more information or questions about our security and compliance practices, please reach out to support@smbcrm.com.
