Security Policy

Overview

At CRMX, we take security seriously. This Security Policy describes the technical, organizational, and administrative measures we use to protect the confidentiality, integrity, and availability of customer data.

Infrastructure & Hosting

  • CRMX is hosted on secure, industry-leading cloud infrastructure with physical and logical safeguards.
  • Data centers are ISO 27001, SOC 1/2/3, and GDPR compliant.
  • Redundant systems and backup processes ensure uptime and disaster recovery.

Data Protection

  • All customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access to customer data is restricted according to the principle of least privilege.
  • We never sell customer data to third parties.

Access Control

  • All employee accounts use multi-factor authentication (MFA).
  • Role-based access control (RBAC) ensures only authorized staff access sensitive systems.
  • Audit logging is enabled for system and database access.

Application Security

  • Regular vulnerability scanning and penetration testing.
  • Secure coding practices following the OWASP Top 10.
  • Automated monitoring for suspicious activity or intrusion attempts.

Incident Response

In the event of a security incident, we follow a documented incident response plan:

  • Immediate investigation and containment.
  • Notification to affected customers in compliance with applicable laws.
  • Remediation and lessons learned to prevent recurrence.

Customer Responsibilities

Customers are responsible for:

  • Using strong passwords and enabling MFA for their accounts.
  • Keeping their API keys and credentials secure.
  • Complying with our Acceptable Use Policy and applicable laws.

Contact Us

If you believe you have discovered a security vulnerability in CRMX, please report it immediately to support@crmx.uk.