GALLO CRM

Data Security

Last updated:

Template draft: review with a lawyer before using in production.

Security is foundational to Gallo CRM. This page summarises the technical and organisational measures we use to protect your data. If you have a question or want to report a vulnerability, contact gallo-crm@hotmail.com.

01 Encryption

All traffic to and from the Service is encrypted in transit with TLS (HTTPS). Data at rest — including your database records and uploaded files — is encrypted by our infrastructure providers.

02 Tenant isolation

Every organisation’s data is logically separated. We enforce isolation at the database layer using PostgreSQL Row-Level Security: the application connects through a restricted role that has NOSUPERUSER and NOBYPASSRLS, so row-level policies are enforced on every query and one tenant cannot read another tenant’s rows.
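A minimal sketch of this kind of setup, as an added example rather than Gallo CRM's own schema or code. The role `app_rw`, table `contacts`, column `org_id` and setting `app.current_org` are hypothetical names, and passing the tenant through a session setting is an assumption.

```sql
-- Hypothetical names throughout: app_rw, contacts, org_id, app.current_org.
-- Run once by an administrative role, not by the application.

-- Role the application connects as: not a superuser and unable to bypass RLS.
CREATE ROLE app_rw LOGIN NOSUPERUSER NOBYPASSRLS NOCREATEDB NOCREATEROLE;

CREATE TABLE contacts (
    id     bigserial PRIMARY KEY,
    org_id uuid NOT NULL,          -- owning tenant
    name   text NOT NULL
);

ALTER TABLE contacts ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policies below.
ALTER TABLE contacts FORCE ROW LEVEL SECURITY;

-- current_setting(..., true) returns NULL when the setting was never set,
-- so the predicate is not true and no rows match (fails closed).
CREATE POLICY tenant_isolation ON contacts
    USING      (org_id = current_setting('app.current_org', true)::uuid)
    WITH CHECK (org_id = current_setting('app.current_org', true)::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON contacts TO app_rw;
GRANT USAGE ON SEQUENCE contacts_id_seq TO app_rw;

-- Per request, as app_rw: the tenant id comes from the authenticated session
-- (constructed sample value) and is scoped to this transaction only.
BEGIN;
SET LOCAL app.current_org = '11111111-1111-1111-1111-111111111111';
SELECT id, name FROM contacts;     -- returns only that organisation's rows
COMMIT;

-- Audit checks: both role flags should be false, both table flags true.
SELECT rolname, rolsuper, rolbypassrls
  FROM pg_roles WHERE rolname = 'app_rw';
SELECT relname, relrowsecurity, relforcerowsecurity
  FROM pg_class WHERE relname = 'contacts';
```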

03 Authentication & access

  • Passwords are stored only as salted bcrypt hashes — never in plain text.
  • Sessions use signed JWTs delivered over secure, HTTP-only cookies with CSRF protection.
  • Two-factor authentication (TOTP) is available, and can be required for privileged roles.
  • Sensitive endpoints (login, registration, password reset) are rate-limited per IP.
  • Access follows the principle of least privilege, both for application roles and our team.

04 Infrastructure & data residency

The application, database and file storage run on managed, EU-region infrastructure. Uploaded files are stored in object storage with EU data residency. Services run in isolated containers, and credentials are supplied through the environment — never committed to source code.

05 Monitoring & auditing

Security-relevant actions are recorded in an append-only audit log. We use EU-region error and performance monitoring to detect and respond to issues quickly. Logs are retained for a limited period and access to them is restricted.

06 Secure development

  • Automated secret scanning runs on every change to prevent credentials reaching the codebase.
  • Dependencies and container images are scanned for known vulnerabilities in our CI pipeline.
  • Changes are reviewed before they reach production, and an automated test suite gates releases.

07 Backups & resilience

The managed database is backed up automatically on a rolling schedule so data can be recovered in the event of an incident. We design the system to fail safe and to limit the blast radius of any single component failure.

08 Payments

Payments are handled by Stripe, a PCI-DSS Level 1 certified provider. Card details are entered directly with Stripe and are never seen or stored by Gallo CRM — we only keep the resulting non-sensitive identifiers needed to manage your subscription.

09 Subprocessors

We work with a small, vetted set of providers (hosting, storage, payments, email, AI and monitoring), each under a data-processing agreement. See our Privacy Policy for the current list and the purpose of each.

10 Reporting a vulnerability

We welcome responsible disclosure. If you believe you have found a security issue, please email gallo-crm@hotmail.com with enough detail to reproduce it. Please give us reasonable time to remediate before any public disclosure, and do not access or modify data that is not yours.

11 Contact

Security questions? Email gallo-crm@hotmail.com.