Last updated: Sept 26th, 2022
Less Annoying CRM uses modern technology and industry best practices to keep our servers and your data secure. Security is a broad and ever-changing topic which can't possibly be completely covered in this article, but we've outlined what we think you'll be most interested in below:
- Encryption - We use 256-bit encryption at all levels of our software. All connections to our website are encrypted (i.e. we encrypt "in transit"), our live database is encrypted (i.e. we encrypt "at rest") and all of our data backups are encrypted.
- Hosting - Our software is hosted on Amazon Web Services (AWS) at their US-East data center in Virginia. Amazon has extensive physical and digital security which you can read about here. If you're in the EU and aren't sure if you can store data in US-based servers, don't worry. We comply with the Data Protection Addendum (DPA) and include the standard contractual clauses in our terms of service which allows EU customers to store their data on our US servers. You can read more about our GDPR compliance here.
- Hacking - There are common hacking techniques such as XSS, CSRF, and SQL injection. Security is the direct responsibility of our co-founder, Bracken King, and he as well as the rest of our technical team stays up to date on these hacking strategies so that we can protect against them.
- Password hashing - We use one-way hashing and salting on all of our users' passwords in our database using bcrypt. This means that we have no idea what your passwords are, and even if someone hacked your account, they wouldn't either.
- Two-factor authentication - You can enable two-factor authentication (or "2fa") on your account which adds an extra step to the login process
requiring you to enter a one-time code that is sent to you via SMS, email, or an app on your phone. This means that even if someone steals your password, they still can't log in as you.
- Security scans - We regularly perform external vulnerability scans and application penetration tests to monitor the status of our security efforts.
A note about HIPAA, PCI, and other types of compliance:
Some industries have specific regulations which can be complicated and expensive to understand, comply with, and receive certification in. Because Less Annoying CRM serves customers in hundreds of different industries, it's not viable for us to seek these specific types of certifications. We believe that our security meets the highest standards set by these industries (our CEO was previously a software engineer who helped his previous company receive HIPAA certification), but because of the logistics of complying with these complicated regulations, we can not and do not claim to be HIPAA compliant, PCI compliant, etc.