What you’ll get out of this: complete transparency about how DeelRx CRM protects your data with bank-grade security, manages data retention, and responds to security incidents. Understand our encryption standards and data protection measures.

Security Overview

DeelRx CRM implements bank-grade security to protect your business data. We use the same security standards employed by financial institutions to ensure your information remains confidential and secure.
Security by Design: Security is built into every layer of our platform, from data collection to storage and processing.

Encryption Standards

Data at Rest

AES-256 Encryption: All data stored in our systems is encrypted using Advanced Encryption Standard (AES) with 256-bit keys.
  • All databases encrypted with AES-256
  • Encryption keys managed separately from data
  • Regular key rotation and management
  • Hardware security module (HSM) protection
  • All files and documents encrypted at rest
  • Separate encryption for different data types
  • Encrypted backups and archives
  • Secure key management and storage
  • All backups encrypted with AES-256
  • Offsite backup encryption
  • Encrypted disaster recovery systems
  • Secure backup key management

Data in Transit

TLS 1.3 Encryption

  • All data transmission uses TLS 1.3
  • Perfect Forward Secrecy (PFS)
  • Strong cipher suites only
  • Certificate pinning for mobile apps

API Security

  • All API communications encrypted
  • OAuth 2.0 and JWT authentication
  • Rate limiting and DDoS protection
  • Request/response encryption

Key Management

  • Cryptographically secure random key generation
  • Industry-standard key derivation functions
  • Unique keys for each data set
  • Regular key rotation schedules
  • Keys stored separately from encrypted data
  • Hardware security module (HSM) protection
  • Multi-factor authentication for key access
  • Audit logging for all key operations
  • Automatic key rotation every 90 days
  • Emergency key rotation procedures
  • Seamless key rotation without service interruption
  • Historical key retention for data access

Data Retention Policies

Account Data Retention

  • Data retained while account is active
  • Regular data validation and cleanup
  • Automatic archiving of old data
  • User-controlled data retention settings
  • 90-day grace period after subscription ends
  • Data export available during grace period
  • Automatic deletion after grace period
  • Notification before deletion
  • Immediate removal from active systems
  • Backup deletion within 30 days
  • Complete data purging within 90 days
  • Audit trail of deletion process

Business Data Retention

Customer Data

  • Retained according to business needs
  • User-controlled retention periods
  • Automatic archiving after 7 years
  • GDPR right to erasure compliance

Financial Records

  • 7-year retention for tax compliance
  • Encrypted storage and backup
  • Audit trail maintenance
  • Secure disposal after retention period

Communication Logs

  • 3-year retention for support purposes
  • Anonymized after 1 year
  • Secure deletion after retention period
  • Privacy-compliant retention

System Logs

  • 1-year retention for security monitoring
  • Anonymized after 6 months
  • Automated log rotation
  • Secure disposal procedures
Legal Requirements: Some data may be retained longer than standard periods to comply with legal obligations.
  • Tax Records: 7 years (IRS requirements)
  • Audit Trails: 3 years (SOX compliance)
  • Legal Holds: As required by legal proceedings
  • Regulatory Requirements: As specified by applicable regulations

Data Anonymization

Anonymization Process

  1. Identification: Identify data that can be anonymized while maintaining business value.
  2. Anonymization: Apply anonymization techniques to remove or mask identifying information.
  3. Validation: Verify that anonymized data cannot be re-identified.
  4. Storage: Store anonymized data separately from identifiable data.

Anonymization Techniques

  • Replace sensitive data with masked values
  • Maintain data format and structure
  • Preserve analytical value
  • Irreversible anonymization
  • Combine individual records into groups
  • Remove individual identifiers
  • Maintain statistical accuracy
  • Preserve trend analysis capability
  • Replace identifiers with pseudonyms
  • Maintain referential integrity
  • Enable limited re-identification
  • Controlled access to mapping keys

Breach Response Procedures

Incident Detection

24/7 Monitoring: Our security team monitors systems around the clock for potential security incidents.
  • Automated threat detection systems
  • Real-time security monitoring
  • User behavior analytics
  • Third-party security assessments

Response Timeline

  • Contain and isolate affected systems
  • Assess scope and impact of incident
  • Activate incident response team
  • Begin evidence collection
  • Detailed forensic analysis
  • Identify root cause and attack vector
  • Assess data exposure and impact
  • Implement additional security measures
  • Notify affected users within 72 hours (GDPR requirement)
  • Report to regulatory authorities as required
  • Public disclosure if necessary
  • Provide remediation guidance
  • Restore affected systems
  • Implement additional security measures
  • Monitor for continued threats
  • Conduct post-incident review

Breach Notification

User Notification: We will notify affected users within 72 hours of discovering a data breach that poses a risk to their rights and freedoms.
  • Email Notification: Primary notification method
  • In-App Alert: Secondary notification for active users
  • Support Chat: Available for questions and assistance
  • Detailed Information: Scope, impact, and remediation steps

Hosting and Infrastructure

Data Center Security

Physical Security

  • 24/7 security personnel
  • Biometric access controls
  • Video surveillance systems
  • Environmental monitoring

Network Security

  • Firewalls and intrusion detection
  • DDoS protection and mitigation
  • Network segmentation
  • Regular security assessments

Server Security

  • Hardened operating systems
  • Regular security updates
  • Vulnerability scanning
  • Access controls and monitoring

Backup Systems

  • Encrypted backup storage
  • Geographic distribution
  • Regular backup testing
  • Disaster recovery procedures

Third-Party Hosting

We use trusted third-party hosting providers:
  • SOC 2 Type II certified
  • ISO 27001 compliant
  • GDPR compliant data processing
  • Regular security audits
  • Encrypted backup storage
  • Geographic redundancy
  • Regular backup testing
  • Secure access controls

User Data Deletion

Deletion Process

  1. Request Verification: Verify user identity and deletion request authenticity.
  2. Data Identification: Identify all data associated with the user account.
  3. Deletion Execution: Delete data from active systems and backups.
  4. Verification: Verify complete deletion and provide confirmation.

Deletion Timeline

  • Remove from active systems within 24 hours
  • Deactivate user account immediately
  • Stop all data processing
  • Notify relevant third-party services
  • Delete from backups within 30 days
  • Verify backup deletion completion
  • Update deletion audit logs
  • Confirm with backup providers
  • Full data purging within 90 days
  • Anonymized data retention where required
  • Final deletion verification
  • Deletion completion notification

Deletion Exceptions

Legal Retention: Some data may be retained longer due to legal obligations or legitimate business interests.
  • Legal hold requirements
  • Regulatory compliance obligations
  • Legitimate business interests
  • Anonymized data for analytics

Security Audits and Assessments

Regular Assessments

Annual Security Audits: We conduct comprehensive security assessments annually and after any significant changes.
  • Penetration Testing: Annual third-party penetration testing
  • Vulnerability Scanning: Monthly automated vulnerability scans
  • Code Reviews: Regular security code reviews
  • Compliance Audits: Annual compliance assessments

Audit Results

  • Audit reports available upon request
  • Remediation plans for identified issues
  • Regular progress updates
  • Continuous improvement processes

Contact Information

Security Questions

Data Deletion Requests


For questions or assistance, please reach our team through the chat at https://deelrxcrm.com/support.