Enterprise-Grade Security
Your customer data, financial records, and business operations deserve the highest level of protection. CrewDeck is built from the ground up with security as a core principle, not an afterthought.
How We Protect Your Data
Multiple layers of defense to keep your business information safe and secure.
SOC 2 Type II Compliant
Our infrastructure and processes have been independently audited and certified to meet SOC 2 Type II standards for security, availability, and confidentiality.
256-bit AES Encryption at Rest
All customer data stored in our databases and file systems is encrypted using AES-256, the same standard used by banks and government agencies.
TLS 1.3 in Transit
Every connection between your browser, our APIs, and our servers is encrypted using TLS 1.3, the latest and most secure transport layer protocol.
Role-Based Access Controls
Granular permissions allow you to control exactly who can see and do what. From admin-only settings to field-rep restrictions, you are in control.
Multi-Tenant Data Isolation
Each company's data is logically isolated at the database level. Your data is never co-mingled with another organization's data, ensuring complete separation.
Automatic Daily Backups
Your data is backed up daily to geographically redundant storage. Backups are encrypted and tested regularly to ensure reliable recovery.
99.9% Uptime SLA
Professional and Enterprise customers are covered by a 99.9% uptime service level agreement with financial credits for any unplanned downtime.
Annual Penetration Testing
We engage independent security firms to conduct comprehensive penetration tests annually, and we remediate all findings on a priority basis.
Security in Every Layer
From infrastructure to application code to employee access policies, security is woven into every aspect of how we build and operate CrewDeck.
Our security program is managed by a dedicated team and is continuously reviewed and improved. We follow industry best practices and stay ahead of emerging threats through proactive monitoring and regular assessments.
All production data is encrypted at rest and in transit, with no exceptions
Database access requires multi-factor authentication and is logged and audited
Employee access to customer data follows the principle of least privilege
All access to production environments is logged, monitored, and reviewed
Sensitive credentials are stored in hardware security modules (HSMs)
We maintain a formal incident response plan with defined escalation procedures
Quarterly security awareness training is mandatory for all employees
Vulnerability scanning runs continuously across all production infrastructure
Standards and Certifications
We meet and exceed industry standards for data protection and privacy compliance.
SOC 2 Type II
Independently audited controls for security, availability, processing integrity, confidentiality, and privacy. Our SOC 2 report is available to Enterprise customers under NDA.
GDPR Ready
We support GDPR compliance with data processing agreements, data portability tools, right-to-deletion workflows, and a Data Protection Officer. EU customer data can be stored in EU-based data centers upon request.
CCPA Compliant
We comply with the California Consumer Privacy Act, including the right to know, the right to delete, and the right to opt out. We do not sell personal information.
Questions About Security?
Our security team is available to answer questions, provide compliance documentation, or schedule a security review. Enterprise customers can request our full SOC 2 Type II report.
For responsible disclosure of security vulnerabilities, please email [email protected].
See also our Privacy Policy and Terms of Service.