Security at KudosCRM

Security is foundational to KudosCRM. Here's an overview of how we protect your data. To report a vulnerability, see our Vulnerability Disclosure Policy or email security@kudoscrm.com.

• Encryption: data is encrypted in transit (TLS), and sensitive credentials are encrypted at rest. Our cloud infrastructure also provides storage-level encryption.
• Tenant isolation: every customer's data is strictly separated, and access is scoped to the authenticated user's organisation.
• Access control: role-based permissions, least-privilege access, and logging of administrative actions.
• Monitoring & auditing: activity is logged, and we monitor for errors and suspicious behaviour.
• Abuse protection: rate limiting and brute-force protection guard against attacks.
• Secure development: automated security scanning, dependency monitoring, and periodic penetration testing are part of how we build.
• Trusted providers: we work with established infrastructure and service providers and require them to protect your data — see Sub-processors.

We never store full payment-card numbers. Payments are handled by our payment provider using tokenization.

We continuously strengthen our security program and are working toward recognised certifications. For a deeper overview or a security questionnaire, contact security@kudoscrm.com.

Security & vulnerability reports: security@kudoscrm.com