Security at Honeybee CRM
Last Updated: February 13, 2026
At Honeybee CRM, security is foundational to everything we build. We understand that you trust us with your most valuable business data—your customer relationships—and we take that responsibility seriously. This page outlines our security practices, compliance certifications, and commitment to protecting your data.
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Infrastructure: Hosted on enterprise-grade cloud infrastructure with high availability
- Access Control: Role-based permissions and comprehensive audit logs
- Incident Response: Documented incident response procedures for security events
1. Data Protection
1.1 Encryption Standards
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites. We enforce HTTPS for all connections and implement HSTS (HTTP Strict Transport Security).
- At Rest: All customer data stored in our databases is encrypted using AES-256 encryption. Database backups are also encrypted and stored in geographically separate locations.
- Key Management: Encryption keys are managed through our cloud provider's key management service with strict access controls.
1.2 Data Isolation
Honeybee CRM is built on a multi-tenant architecture in which each organization's data is logically isolated. We implement strict tenant separation at the application and database levels to ensure your data is never accessible to other customers.
2. Infrastructure Security
2.1 Cloud Infrastructure
Honeybee CRM is hosted on enterprise-grade cloud infrastructure. Our hosting providers maintain industry-standard certifications including:
- SOC 2 Type II certification (hosting provider)
- Physical security controls at data center facilities
2.2 Network Security
- DDoS Protection: Automatic DDoS mitigation provided by our hosting platform at the network edge
- HTTPS Enforcement: All connections are served over HTTPS with HSTS enabled
2.3 Availability
We maintain availability through:
- Cloud-hosted infrastructure with built-in redundancy
- Database backups with retention policies
3. Application Security
3.1 Secure Development
- Code Reviews: Code changes undergo review before deployment
- Dependency Management: Third-party dependencies are kept up to date to address known vulnerabilities
- OWASP Awareness: Our development practices are informed by OWASP guidelines to prevent common vulnerabilities
3.2 Authentication & Authorization
- Authentication: Secure authentication via trusted identity providers (e.g., Google OAuth) through NextAuth.js
- Session Management: Secure session handling with automatic timeout and invalidation
- Role-Based Access Control: Permissions system to control access to features and data
3.3 API Security
- Request validation and sanitization
- Server-side route protection and authorization checks
4. Compliance
- GDPR: EU Data Protection
- CCPA: California Privacy
4.1 GDPR Compliance
For customers in the European Union, we comply with the General Data Protection Regulation (GDPR):
- Data Processing Agreement (DPA) available for all customers
- Right to access, rectify, and delete personal data
- Data portability in standard formats
- Privacy by design principles in product development
4.2 CCPA Compliance
For California residents, we comply with the California Consumer Privacy Act:
- Disclosure of data collection and use practices
- Right to know, delete, and opt-out
- No sale of personal information
5. Incident Response
5.1 Monitoring
We leverage our hosting provider's built-in monitoring capabilities and are actively working to implement additional monitoring, including:
- Application error tracking
- Uptime and availability monitoring
- Log review processes
5.2 Incident Response Plan
In the event of a security incident, our response process includes:
- Investigation: Analysis to determine scope and root cause
- Containment: Steps to prevent further impact
- Notification: Customer notification within 72 hours for confirmed data breaches, as required by applicable law
- Recovery: System restoration and verification
6. Employee Security
Our Team's Commitment
- Principle of least privilege access
- Confidentiality agreements
7. Your Security Responsibilities
While we work hard to protect your data, security is a shared responsibility. We recommend:
- Use strong, unique passwords for your Honeybee CRM account
- Use two-factor authentication where available
- Regularly review user access and permissions
- Keep your browser and devices updated
- Report any suspicious activity to our security team
- Train your team on security best practices
8. Security Updates & Vulnerability Disclosure
8.1 Reporting Security Issues
If you discover a security vulnerability, please report it to us responsibly:
- Email: security@honeybeecrm.io
- Include detailed steps to reproduce the issue
- Allow reasonable time for us to address the issue before disclosure
8.2 Security Advisories
We communicate security updates through:
- Email notifications to account administrators
9. Contact Us
For security-related questions or concerns, please contact our security team:
- Security Team: security@honeybeecrm.io
- General Inquiries: support@honeybeecrm.io