At Bytespree, we take data security seriously to ensure that our clients' information is protected at all times. We follow industry-leading practices and are committed to maintaining the highest levels of security through various measures.
SOC2 Compliance and Audits
Bytespree is SOC2-audited and covered under RKD Group’s SOC2 report, ensuring that our systems meet rigorous standards for data security, availability, processing integrity, confidentiality, and privacy. Our database provider, DigitalOcean, is also SOC2 compliant. This ensures that any data stored in our Postgres database is managed within a secure, compliant environment.
Encryption of Data
Any infrastructure our customers purchase directly through Bytespree offers robust encryption for data both at rest and in transit. This means that stored data is encrypted to prevent unauthorized access, and all data exchanged between systems is encrypted using secure communication protocols, safeguarding it from interception or tampering during transmission.
Firewalls and Penetration Testing
We employ network firewalls to control and filter traffic, ensuring only authorized entities can access sensitive data and services. Additionally, Bytespree undergoes annual penetration testing to identify and resolve potential vulnerabilities, along with regular disaster recovery scenarios to ensure we can respond quickly and effectively in case of a data breach or system failure.
Secure Data Access through Connectors
Access to data through our connectors is authorized using secure methods, ensuring that only approved users and systems can access the data.
OAuth Tokens:
Data access is authorized through the use of OAuth tokens, which provide a secure and efficient way for a connector to access your data. When you grant permission, the connector receives an access token, allowing it to interact with your data without requiring your login credentials each time. This token ensures that only authorized applications can access your information and can be easily managed or revoked if needed, providing both security and convenience. Each client provides their own Client Key and Client Secret, which are unique identifiers that authenticate the application and further ensure that only approved connectors can access the data.
You can assign an OAuth scope to the token. The scope defines specific permissions for what the connector can do with your data, such as reading data, writing data, or performing other actions, which allows different levels of access. This ensures that the application only has the necessary permissions, enhancing security by limiting its capabilities to what is explicitly authorized.
API Keys and Username/Password:
Data access can also be authorized through the use of API keys or a combination of username and password. An API key is a simple string provided by the CRM, which the connector uses to authenticate its requests. Each API key is unique to the client and can be configured with specific permissions, such as read-only or full access, ensuring that the connector only performs authorized actions. Similarly, using a username and password combination allows the connector to log in and interact with the CRM as an authenticated user.
In both cases, when available, all authorization information used by the connector is encrypted to maintain security and protect sensitive information. This encryption ensures that even if the information is obtained by malicious means, it remains unreadable to unauthorized parties. However, we cannot guarantee that information sent to the CRM will always be encrypted, as this depends entirely on the third party supporting secure communication. Similarly, data received by the connector may not always be SSL-encrypted, depending on the circumstances. This means that the security of the data during transmission relies on the third-party service or system.