<< Return to the security center home page
Last updated: November 1st, 2018
Less Annoying CRM uses modern technology and industry best practices to keep our servers and your data secure. Security
is a broad and ever-changing topic which can't possibly be completely covered in this article, but we've outlined
what we think you'll be most interested in below:
A note about HIPAA, PCI, and other types of compliance:
We use 256-bit encryption at all levels of our software. All connections to our website are encrypted (i.e.
we encrypt "in transit"), our live database is encrypted (i.e. we encrypt "at rest") and all of our data
backups are encrypted.
Our software is hosted on Amazon Web Services (AWS) at their US-East data center in Virginia. Amazon has
extensive physical and digital security which you can read about here. If you're in the EU and aren't sure if you can store data in US-based servers,
don't worry. We are certified under the EU-US Privacy Shield agreement which you can read more about in
our GDPR article.
There are common hacking techniques such as XSS, CSFR, and SQL injection. Security is the direct responsibility
of our co-founder, Bracken King, and he as well as the rest of our technical team stays up to date on these
hacking strategies so that we can protect against them.
Password hashing -
We use one-way hashing and salting on all of our users' passwords in our database using bcrypt. This means
that even we have no idea what your passwords are, and even if someone hacked your account, they wouldn't
Security scans - We regularly perform external vulnerability scans and application
penetration tests to monitor the status of our security efforts.
Some industries have specific regulations which can be complicated and expensive to understand, comply with, and
receive certification in. Because Less Annoying CRM serves customers in hundreds of different industries, it's not
viable for us to seek these specific types of certifications. We believe that our security meets the highest standards
set by these industries (our CEO was previously a software engineer who helped his previous company receive HIPPA
certification), but because of the logistics of complying with these complicated regulations, we can not
and do not claim to be HIPAA compliant, PCI compliant, etc.