Security

Your data security is our top priority

Security Overview

At Sales Automation, we understand that your email data is sensitive and confidential. We've built our platform with security as a foundational principle, implementing multiple layers of protection to ensure your information remains safe and private.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure encryption protocol. This ensures that your information cannot be intercepted during transmission.

Encryption at Rest

Sensitive data stored in our database is encrypted using industry-standard AES-256 encryption. This includes:

  • OAuth tokens and authentication credentials
  • Context summaries and sensitive contact information
  • User preferences and configuration data

Email Processing & Privacy

What We Store

We only extract and store the contact information you need—names, titles, companies, email addresses, phone numbers, and related metadata. We do NOT store:

  • Full email body content
  • Email attachments
  • Email subject lines (unless part of contact metadata)
  • Personal conversations or sensitive information

Processing Architecture

Email processing happens in secure, isolated worker processes. Emails are processed in batches and immediately discarded after extraction. The system uses a queue-based architecture that ensures data is never stored longer than necessary.

Authentication & Access Control

Two-Factor Authentication

All user accounts are protected with two-factor authentication (2FA) using time-based one-time passwords (TOTP). This adds an extra layer of security beyond passwords.

Role-Based Access Control (RBAC)

Our platform implements comprehensive role-based access control, ensuring that users can only access data they're authorized to see. Team members have different permission levels based on their roles:

  • Owners and Admins: Full access to all data and settings
  • Analysts: Read-only access to contacts and analytics
  • Members: Limited access to their own assigned contacts

Tenant Isolation

All database queries are scoped by user and organization ID, ensuring complete tenant isolation. Your data is never accessible to other users or organizations, even at the database level.

OAuth & Third-Party Integrations

Secure OAuth Implementation

We use industry-standard OAuth 2.0 for connecting to email providers (Gmail, Outlook) and CRM systems (HubSpot). This means:

  • We never see or store your email passwords
  • OAuth tokens are encrypted and stored securely
  • Tokens are automatically refreshed to maintain security
  • You can revoke access at any time from your provider's settings

Compliance & Auditing

Audit Logging

All security-relevant events are logged in our audit system, including authentication attempts, data access, configuration changes, and API usage. These logs help us monitor for suspicious activity and maintain compliance.

Data Retention

We implement data retention policies to ensure that sensitive information is not stored longer than necessary. Context summaries and temporary artifacts are automatically purged according to our retention schedule.

Infrastructure Security

Our infrastructure is designed with security best practices:

  • Regular security updates and patches
  • Network isolation and firewall protection
  • Rate limiting to prevent abuse
  • DDoS protection and monitoring
  • Regular security audits and penetration testing

Reporting Security Issues

If you discover a security vulnerability, please report it to us immediately. We take security issues seriously and will respond promptly.

Questions About Security?

Our team is here to answer any security-related questions you may have.