Security

Our first responsibility is to protect and safeguard your data. We are the only CRM software provider that encrypts customer data in-transit and at-rest. Our service is routinely audited by Google and 3rd party security consulting firms to assess our infrastructure and test for any introduced vulnerabilities. Additionally, our infrastructure uses threat detection software and the latest security capabilities provided by Amazon Web Services — the most secure and reliable cloud infrastructure provider on the market.

FreeAgent is the next generation of CRM. Unlike other CRM providers that use outdated decades old methods for server infrastructure, FreeAgent builds infrastructure using modern AWS technologies, the most sophisticated and widely used cloud service on the planet.

Architecture

Data Security

Security matters. We’ve invested in a better way to protect and safeguard your data. We encrypt your data in-transit and at-rest and use Amazon VPC private subnets.

  • Your data is 100% safe
  • Your data is 100% secure
  • Your data is 100% private

In-Transit Data Encyption

Encryption in transit. All inbound/outbound communication outside of our private data network is always encrypted using secure TLS 1.2/1.3 protocols.

At-Rest Data Encyption

Encryption at REST. Data stored on servers in our private network are always encrypted using secure AWS KMS technology with keys that are periodically rotated, ensuring physical access to disk storage is completely secured.

Continuous Backups

FreeAgent Data is continuously backed up and available to be restored in case of potential data loss. Backups are securely stored at REST using AWS KMS technology.

Data Isolation

Each customer’s data is logically separated from one another in a manner that data never co-exists, ensuring a high level of isolation.



Data Integrity

Data stored in FreeAgent is continually replicated, storing 6 copies of data across 3 separate data centers, ensuring high levels of data durability.

Availability

100% available: zero downtime, period
100% performant: every tier auto-scales or has ‘infinite’ capacity e.g. Lambda
Integration-friendly: every action available through UI also available via well-documented, open APIs

Continuous Uptime

No Scheduled maintenance downtime, our customers can expect service to be up 24/7 throughout the year.

Redundant Backup

Compute and Data infrastructure is architected to be redundant across physical data center locations, ensuring completely automated disaster recovery for our customers.

Monitored Response Times

The FreeAgent platform ensures sub-second response times for >95% of our requests we continually monitor and publish metrics at: status.freeagentcrm.com

Operational Security

Threat Detection

All network traffic to our data centers are continually audited and monitored using advanced intelligent threat detection software.

Policy Management

Strict policies in place for infrastructure configuration management, which are continually monitored with automated alerts for any breaches in established policies.

Consistent Security Audits

We use a combination of automated and periodic 3rd party penetration testing performed by vendors to minimize vulnerabilities.

Application Security

Secure your data from internal risks with custom roles and ACLs. 

Simple Security Setup

The FreeAgent platform provides one of the most advanced and easy to set up security controls for our customers, with no impact on performance. A feature unique to FreeAgent in the CRM industry.

Record Level Access

Read, Create, Update, and Delete operations are based on advanced conditional filters for controlling access to the subset data.

Field level Access

Access and modification operations can be controlled for sensitive data within records themselves.

Role Specific Configuration

Access to navigation, form rules, and automations. All of our platform configurations can be customized to apply to specific sets of roles.

Team Configuration

Hierarchical data visibility setup via teams. Ensure data access is logically separated across different teams in your organization.

Compliance Certifications

ISO 27001 Certification

FreeAgent is certified on the most widely accepted international information security framework globally.

Google OAuth Compliance

FreeAgent undergoes routine compliance assessments with our integration partners like Google, ensuring our customer’s integration data is completely secured.

HIPAA Compiliant

FreeAgent is one of the few HIPAA certified CRMs on the market, meaning Health Field and Insurance Information can be secured within FreeAgent maintaining nationally recognized compliance standards.

Privacy Policies & Data Handling

Master Subscription Agreement

This subscription service agreement is a legal agreement between you and FreeAgent governing your use of the FreeAgent Platform, including any applicable free trials.

Product Privacy Policy

This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process Personal Data. It also describes your choices regarding use, as well as your rights of access and correction of Personal Data.

Acceptable Use Policy

 This Acceptable Use Policy is designed to ensure compliance with the laws and regulations that apply to any FreeAgent Service.