Salesbuildr Security Information

Your data security is our priority. This article explains the security measures we've implemented to protect your information.

Updated over a month ago

Overview

Salesbuildr is built on enterprise-grade infrastructure with multiple layers of security controls. We follow industry best practices to ensure your data remains confidential, secure, and available when you need it.


Infrastructure & Hosting

Data Center Certifications

Our infrastructure is hosted in certified data centers that meet the highest security standards:

  • ISO 27001 - Information security management

  • SOC 1 & SOC 2 - Service organization controls

  • PCI Level 1 - Payment card industry compliance

  • FISMA Moderate - Federal information security

  • SOX - Financial controls compliance

Hosting Locations

Your data is hosted in European data centers with strict privacy protections:

Provider | Region | Purpose
Google Firebase | Netherlands & Germany | Authentication, database, and storage
Microsoft Azure | West Europe (Amsterdam) | Application services and SSL certificates
Elasticsearch | Germany | Search functionality

Privacy & Compliance Documentation:


Data Protection

Encryption

Data in transit: All data transmitted to and from Salesbuildr is encrypted using TLS 1.2 or higher, protecting your information from interception.

Data at rest: All data stored in our systems is encrypted to ensure its integrity and confidentiality.

Data Separation

Each customer is assigned their own isolated database schema, ensuring your data remains completely separate from other customers.

Data Redundancy & Reliability

All data is stored redundantly across multiple servers and availability zones. This means that even if a single server or entire data center experiences an issue, your data remains safe and accessible. Our infrastructure is monitored 24/7 for performance, availability, and reliability.

Backup & Recovery

Our redundant storage architecture ensures continuous data protection. In the unlikely event of a failure, we can restore your data without loss.


Access Control & Authentication

Platform Access

Secure connections: Access to Salesbuildr requires encrypted HTTPS sessions to protect the confidentiality and integrity of your data.

Single Sign-On (SSO): Authentication is managed through Microsoft SSO or Google SSO, leveraging their built-in multi-factor authentication (MFA) policies for enhanced security.

Role-Based Access Control (RBAC)

Salesbuildr provides granular control over who can access what:

Standard roles:

  • Admin - Full access to all application functions

  • User - Can create and edit opportunities, quotes, and products

Additional controls:

Internal Access Controls

Salesbuildr employee access:

Our support and development teams can access customer data only for troubleshooting purposes or at your specific request.

You have full control: You can disable Salesbuildr employee access to your instance at any time by navigating to the Companies tab, searching for "Salesbuildr," and checking the box beside 'Deny'.

Infrastructure access:

  • Unique system accounts are required for all infrastructure access

  • User accounts are identifiable to specific individuals

  • Privileged database and server access is restricted to authorized personnel based on job responsibilities

  • Passkeys or two-factor authentication and strong password controls are mandatory for all administrative access


Data Processing & Privacy

What Data We Collect

To enable you to send quotes and proposals to customers, Salesbuildr processes the following information:

Processor | Data Collected | Purpose
Google Firebase | Full name and email address of your contacts (both customers and employees) | Create and send proposals
Elasticsearch | Full name and email address of your contacts | Search capabilities
Datadog | Full name and email address of your contacts | Error logging and monitoring
Intercom | Full name and email address of your employees | Customer support

For detailed information about how each processor handles data, visit their respective privacy documentation linked in the Infrastructure & Hosting section above.

PSA Integration Data Flow

When you enable integration with your PSA system, here's how data flows between systems:

Salesbuildr Entity | Sync Action | PSA Entity
Users | Read only | Users
Companies | Read, create, and update | Companies
Contacts | Read, create, and update | Contacts
Products | Read, create, and update | Products
Services | Read, create, and update | Services
Labour | Read only | Labour
Opportunities | Read, create, and update | Opportunities
Quotes | Create only (not synced from PSA) | Quotes

Initial synchronization: When you first enable the integration, Salesbuildr performs a complete sync of users, companies, contacts, products, services, and labour from your PSA.

Ongoing sync: After the initial sync, opportunities you create in your PSA are automatically synchronized to Salesbuildr, allowing you to create linked quotes.

Usage Data Collection

To improve our service and your experience, we collect anonymized usage data including:

  • Device and connection data - Browser type, operating system, network speed

  • User behavior patterns - Commonly used features, user activity, configuration processes

  • Product logs - Web server and application logs for troubleshooting

  • Organizational data - Industry, location, number of users

  • Other machine data - Relevant technical information

This data helps us understand how you use Salesbuildr so we can enhance popular features, improve usability, and provide relevant tips and guidance.

Your Data Rights

Data deletion: If you decide to stop using Salesbuildr, we will completely remove your instance and all related data upon request. Simply contact us at support@salesbuildr.com to initiate a data deletion request.


Application Security

Secure Development Practices

Our development team follows industry-standard secure coding guidelines, including those recommended by OWASP (Open Web Application Security Project).

Vulnerability Management

We use a comprehensive approach to identify and address security vulnerabilities:

Scanning tools:

  • Azure Security Center

  • Google Cloud Security Scanner

  • Elasticsearch Security

These tools continuously monitor our codebase, dependencies, database, and infrastructure for potential vulnerabilities and improvement opportunities.

Vulnerability disclosure: If you discover a security vulnerability in Salesbuildr, please report it to support@salesbuildr.com. We take all reports seriously and are grateful to researchers who help us improve our security.

API Security

We protect our APIs using industry best practices:

  • Rate limiting - Prevents abuse and DDoS attacks

  • Activity logging - All API calls are logged and monitored

  • Anomaly detection - Unusual activities trigger alerts for investigation

Application Architecture

Salesbuildr uses a modern frontend-backend architecture where the frontend API communicates securely with the backend API to perform all operations.


Change Management & Release Process

Our Approach to Changes

We apply a systematic approach to ensure all changes are safe and well-communicated:

Before deployment, all changes are:

  1. Reviewed - Peer review of code to catch errors proactively

  2. Tested - Changes are tested in staging environments to ensure they work as expected

  3. Approved - Management oversight ensures changes are prioritized appropriately

Deployment Process

  • Phased rollout - Changes are deployed gradually using automated processes

  • Rollback capability - We can quickly revert to previous versions if issues arise

  • Emergency changes - Logged, approved, and associated with incident reports

Release Schedule

Salesbuildr releases new code weekly or biweekly using separate development, testing, staging, and production environments. Check our release notes for information about the latest updates.

Development Methodology

Our Engineering team follows a formally documented Software Development Life Cycle based on Agile and Scrum methodologies, including:

  • Peer code review

  • Automated testing

  • Scenario testing

  • Security vulnerability scanning


Vendor Management

We carefully evaluate and monitor all third-party vendors to ensure they meet our security standards.

Our vendor management program includes:

  • Maintaining a critical vendor inventory

  • Evaluating vendors' security and privacy requirements

  • Conducting annual reviews of all critical vendors


Questions or Concerns?

If you have questions about our security practices or need additional information, please contact our support team at support@salesbuildr.com.
