1. Our Commitment to Security

At CompanyConnect, we understand that CRM and automation systems handle your most sensitive business data. We treat your data security as a foundational requirement, not an afterthought.

2. Data Processing Principles

We adhere to the principle of least privilege. Our team only requests access to the systems and data strictly necessary to complete the agreed-upon scope of work. We do not copy, store, or process your customer data on our own infrastructure unless explicitly required for a specific integration, and only temporarily.

3. System Access & Authentication

All access to client systems is managed through secure, dedicated credentials. We strongly recommend that clients provision unique service accounts for our team rather than sharing existing credentials. We enforce Multi-Factor Authentication (MFA) on all our internal tools and client access points.

4. Third-Party Integrations

When building integrations using platforms like Make.com or custom APIs, we ensure that data is transmitted securely using HTTPS/TLS encryption. API keys and webhooks are stored securely and never exposed in client-side code.

5. Incident Response

In the unlikely event of a security incident involving systems we manage, we have a documented incident response protocol to identify, contain, and communicate the issue to affected clients within 24 hours of discovery.

6. Compliance

We design systems that help our clients maintain compliance with relevant data protection regulations (such as GDPR or CCPA) by implementing proper data retention, deletion, and consent tracking mechanisms within their CRM.