Overview
At CRMX, we take security seriously. This Security Policy describes the technical, organizational, and administrative measures we use to protect the confidentiality, integrity, and availability of customer data.
Infrastructure & Hosting
- CRMX is hosted on secure, industry-leading cloud infrastructure with physical and logical safeguards.
- Data centers are ISO 27001, SOC 1/2/3, and GDPR compliant.
- Redundant systems and backup processes ensure uptime and disaster recovery.
Data Protection
- All customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to customer data is restricted according to the principle of least privilege.
- We never sell customer data to third parties.
Access Control
- All employee accounts use multi-factor authentication (MFA).
- Role-based access control (RBAC) ensures only authorized staff access sensitive systems.
- Audit logging is enabled for system and database access.
Application Security
- Regular vulnerability scanning and penetration testing.
- Secure coding practices following the OWASP Top 10.
- Automated monitoring for suspicious activity or intrusion attempts.
Incident Response
In the event of a security incident, we follow a documented incident response plan:
- Immediate investigation and containment.
- Notification to affected customers in compliance with applicable laws.
- Remediation and lessons learned to prevent recurrence.
Customer Responsibilities
Customers are responsible for:
- Using strong passwords and enabling MFA for their accounts.
- Keeping their API keys and credentials secure.
- Complying with our Acceptable Use Policy and applicable laws.
Contact Us
If you believe you have discovered a security vulnerability in CRMX, please report it immediately to support@crmx.uk.