Security

    Our first responsibility is to protect and safeguard your data. We are the only CRM software provider that encrypts customer data in-transit and at-rest. Our service is routinely audited by Google and 3rd party security consulting firms to assess our infrastructure and test for any introduced vulnerabilities. Additionally, our infrastructure uses threat detection software and the latest security capabilities provided by Amazon Web Services — the most secure and reliable cloud infrastructure provider on the market.

    FreeAgent is the next generation of CRM. Unlike other CRM providers that use outdated decades old methods for server infrastructure, FreeAgent builds infrastructure using modern AWS technologies, the most sophisticated and widely used cloud service on the planet.

    Architecture

    Data Security

    Security matters. We’ve invested in a better way to protect and safeguard your data. We encrypt your data in-transit and at-rest and use Amazon VPC private subnets.

    • Your data is 100% safe
    • Your data is 100% secure
    • Your data is 100% private

    In-Transit Data Encyption

    Encryption in transit. All inbound/outbound communication outside of our private data network is always encrypted using secure TLS 1.2/1.3 protocols.

    At-Rest Data Encyption

    Encryption at REST. Data stored on servers in our private network are always encrypted using secure AWS KMS technology with keys that are periodically rotated, ensuring physical access to disk storage is completely secured.

    Continuous Backups

    FreeAgent Data is continuously backed up and available to be restored in case of potential data loss. Backups are securely stored at REST using AWS KMS technology.

    Data Isolation

    Each customer’s data is logically separated from one another in a manner that data never co-exists, ensuring a high level of isolation.



    Data Integrity

    Data stored in FreeAgent is continually replicated, storing 6 copies of data across 3 separate data centers, ensuring high levels of data durability.

    Availability

    100% available: zero downtime, period
    100% performant: every tier auto-scales or has ‘infinite’ capacity e.g. Lambda
    Integration-friendly: every action available through UI also available via well-documented, open APIs

    Continuous Uptime

    No Scheduled maintenance downtime, our customers can expect service to be up 24/7 throughout the year.

    Redundant Backup

    Compute and Data infrastructure is architected to be redundant across physical data center locations, ensuring completely automated disaster recovery for our customers.

    Monitored Response Times

    The FreeAgent platform ensures sub-second response times for >95% of our requests we continually monitor and publish metrics at: status.freeagentcrm.com

    Operational Security

    Threat Detection

    All network traffic to our data centers are continually audited and monitored using advanced intelligent threat detection software.

    Policy Management

    Strict policies in place for infrastructure configuration management, which are continually monitored with automated alerts for any breaches in established policies.

    Consistent Security Audits

    We use a combination of automated and periodic 3rd party penetration testing performed by vendors to minimize vulnerabilities.

    Application Security

    Secure your data from internal risks with custom roles and ACLs. 

    Simple Security Setup

    The FreeAgent platform provides one of the most advanced and easy to set up security controls for our customers, with no impact on performance. A feature unique to FreeAgent in the CRM industry.

    Record Level Access

    Read, Create, Update, and Delete operations are based on advanced conditional filters for controlling access to the subset data.

    Field level Access

    Access and modification operations can be controlled for sensitive data within records themselves.

    Role Specific Configuration

    Access to navigation, form rules, and automations. All of our platform configurations can be customized to apply to specific sets of roles.

    Team Configuration

    Hierarchical data visibility setup via teams. Ensure data access is logically separated across different teams in your organization.

    Compliance Certifications

    ISO 27001 Certification

    FreeAgent is certified on the most widely accepted international information security framework globally.

    Google OAuth Compliance

    FreeAgent undergoes routine compliance assessments with our integration partners like Google, ensuring our customer’s integration data is completely secured.

    HIPAA Compiliant

    FreeAgent is one of the few HIPAA certified CRMs on the market, meaning Health Field and Insurance Information can be secured within FreeAgent maintaining nationally recognized compliance standards.

    Privacy Policies & Data Handling

    Master Subscription Agreement

    This subscription service agreement is a legal agreement between you and FreeAgent governing your use of the FreeAgent Platform, including any applicable free trials.

    Product Privacy Policy

    This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process Personal Data. It also describes your choices regarding use, as well as your rights of access and correction of Personal Data.

    Acceptable Use Policy

     This Acceptable Use Policy is designed to ensure compliance with the laws and regulations that apply to any FreeAgent Service.