Technical Security

Last updated: November 1st, 2018

Less Annoying CRM uses modern technology and industry best practices to keep our servers and your data secure. Security is a broad and ever-changing topic which can't possibly be completely covered in this article, but we've outlined what we think you'll be most interested in below:
  1. Encryption - We use 256-bit encryption at all levels of our software. All connections to our website are encrypted (i.e. we encrypt "in transit"), our live database is encrypted (i.e. we encrypt "at rest") and all of our data backups are encrypted.
  2. Hosting - Our software is hosted on Amazon Web Services (AWS) at their US-East data center in Virginia. Amazon has extensive physical and digital security which you can read about here. If you're in the EU and aren't sure if you can store data in US-based servers, don't worry. We are certified under the EU-US Privacy Shield agreement which you can read more about in our GDPR article.
  3. Hacking - There are common hacking techniques such as XSS, CSRF, and SQL injection. Security is the direct responsibility of our co-founder, Bracken King, and he and the rest of our technical team stay up to date on these hacking strategies so that we can protect against them.
  4. Password hashing - We use one-way hashing and salting on all of our users' passwords in our database using bcrypt. This means that even we have no idea what your passwords are, and even if someone hacked your account, they wouldn't either.
  5. Security scans - We regularly perform external vulnerability scans and application penetration tests to monitor the status of our security efforts.

A note about HIPAA, PCI, and other types of compliance:
Some industries have specific regulations which can be complicated and expensive to understand, comply with, and receive certification in. Because Less Annoying CRM serves customers in hundreds of different industries, it's not viable for us to seek these specific types of certifications. We believe that our security meets the highest standards set by these industries (our CEO was previously a software engineer who helped his previous company receive HIPAA certification), but because of the logistics of complying with these complicated regulations, we cannot and do not claim to be HIPAA compliant, PCI compliant, etc.
