Security Overview

Security at CRMLead Pro

Your data is your most valuable asset. We treat security as a first-class product requirement — not an afterthought.

  • SOC 2 Readiness
  • ISO 27001 Aligned
  • AES-256 Encryption
  • Indian Data Residency
  • GDPR Compliant

Last updated: May 2026

Our Security Architecture

Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Encrypted database backups stored in India
  • All API keys and secrets stored in encrypted vaults (never in source code)

Infrastructure

  • Hosted on Google Cloud Platform (GCP) — asia-south1, Mumbai
  • 100% Indian data residency for customer data
  • Isolated tenant environments with strict network segmentation
  • Automated daily backups with point-in-time recovery
  • DDoS protection via Cloudflare

Access Control

  • Role-Based Access Control (RBAC) across all plans
  • Multi-Factor Authentication (MFA / 2FA) available for all accounts
  • Single Sign-On (SSO) support on Enterprise plans
  • Principle of least privilege enforced for internal DevLogic staff
  • Privileged access reviewed quarterly

Monitoring & Audit

  • Full audit logs for all user actions, data exports, and admin operations
  • 24/7 infrastructure monitoring and alerting
  • Anomaly detection for suspicious login activity
  • Real-time alerts for critical security events
  • Log retention for 2 years

Vulnerability Management

  • Annual third-party penetration testing
  • Continuous automated vulnerability scanning (OWASP Top 10)
  • Dependency scanning and patch management
  • SAST/DAST integrated into the CI/CD pipeline

Incident Response

  • Documented Incident Response Plan (IRP) with defined SLAs
  • Security incidents triaged within 1 hour
  • Data breach notifications to affected customers within 72 hours
  • Post-incident review and remediation reports

Compliance & Certifications

SOC 2 Readiness

CRMLead Pro follows SOC 2 Type II controls for security, availability, and confidentiality. Formal audit in progress.

ISO 27001 Aligned

Our Information Security Management System (ISMS) is aligned with ISO/IEC 27001:2022 controls.

Indian Data Protection

Compliant with the Digital Personal Data Protection Act, 2023 (DPDP) and the IT Act, 2000.

GDPR Compliant

EU data subjects' rights upheld. DPA available for EU customers. See our GDPR page.

Bug Bounty Program

We believe in responsible disclosure. If you discover a security vulnerability in CRMLead Pro, we encourage you to report it responsibly. We commit to:

  • Acknowledge receipt of your report within 48 hours
  • Provide an initial assessment within 7 business days
  • Keep you informed of our remediation progress
  • Credit you (if desired) for responsibly disclosed vulnerabilities
  • Offer rewards for critical and high-severity findings

Report vulnerabilities to: security@crmleadpro.in

Indian Data Residency

All customer data — including CRM data, lead records, communications, and account information — is stored exclusively on servers located in India (Google Cloud Platform, asia-south1, Mumbai).

We do not transfer your primary CRM data outside of India. Ancillary services (e.g., email delivery, CDN) may process limited metadata through non-Indian infrastructure; all such transfers are governed by appropriate data processing agreements and security controls.

Penetration Testing

We conduct annual third-party penetration tests covering:

  • Web application security (OWASP Top 10)
  • API security testing
  • Infrastructure and network testing
  • Authentication & session management
  • Business logic vulnerabilities
  • Data exfiltration scenarios

Enterprise customers may request penetration test reports or conduct their own security assessments. Contact security@crmleadpro.in to arrange this.

Contact Our Security Team

Security Team — DevLogic Technologies Pvt Ltd
Email: security@crmleadpro.in
Vulnerability Disclosure: security@crmleadpro.in