Security & GDPR Compliance

1. Our Security Commitment

Security is at the core of our concerns at IndyCRM. We implement robust security measures to protect your data and ensure the confidentiality, integrity, and availability of our services.

Our approach to security is proactive and relies on industry best practices, including the principle of defense in depth and the principle of least privilege.

2. GDPR Compliance

IndyCRM is fully compliant with the General Data Protection Regulation (GDPR). We have implemented specific processes to ensure that personal data processing is carried out in accordance with GDPR requirements, including:

• Appointment of a Data Protection Officer (DPO)
• Register of processing activities
• Data Protection Impact Assessments (DPIA)
• Data breach notification procedures
• Technical and organizational measures to ensure data security
• Staff training and awareness

3. Secure Infrastructure

Our infrastructure is hosted on leading cloud platforms that meet the strictest security standards. We use Supabase, which relies on AWS infrastructure, offering:

• High availability with 99.9% SLA
• Data encryption in transit (TLS 1.2+) and at rest (AES-256)
• Strict role-based access controls (RBAC)
• Continuous monitoring and audit logs
• Automated and regular backups

4. Continuous Evaluation

We regularly assess our security posture:

• Independent security audits
• Penetration testing
• Vulnerability scans
• Code reviews
• Incident response exercises

These assessments help us identify and remediate vulnerabilities before they can be exploited.

5. Security Contact

If you discover a security vulnerability or have questions about our security practices, please contact our security team.

contact@indycrm.app

We take all security-related information very seriously and are committed to responding promptly.