At Oomph CRM, we take security seriously, which is why we use Two-Factor Authentication (2FA) to protect our systems and data. 2FA adds an extra layer of protection by requiring users to verify their identity with something they know, like a password, and something they have, like a smartphone or security token. This ensures that only authorised individuals can access our systems, significantly reducing the risk of unauthorised access.

We utilise AES-256 encryption, one of the most advanced and secure encryption standards available, to protect sensitive data. This military-grade encryption ensures that all stored information remains safe and inaccessible to unauthorised parties, giving our clients peace of mind that their data is in trusted hands.

All data stored on our servers is encrypted using Amazon Web Services' Server-Side Encryption (SSE). This technology provides automatic encryption at rest, ensuring that sensitive information remains secure, even if accessed outside our systems.

To safeguard data as it moves between systems, we employ HTTPS encryption. This ensures that all information transferred to and from Oomph CRM is securely encrypted, preventing interception and protecting sensitive communications from external threats.

Our API security is enhanced by Laravel Sanctum, which provides secure, token-based authentication for communication between services. This ensures that only verified and trusted systems can access sensitive operations, maintaining the integrity of our platform.

Oomph CRM is secured with SSL certificates issued by Let's Encrypt, a trusted authority. SSL protects your connection to our platform by encrypting all data exchanged, ensuring privacy and preventing tampering or eavesdropping during communication.

To ensure the authenticity of our emails, Oomph CRM employs DKIM. This technology digitally signs outgoing emails, verifying their origin and protecting against email spoofing or tampering, ensuring your communications with us are secure.

SPF is implemented across all our email communications, verifying that messages sent from Oomph CRM are authorised and originating from trusted servers. This helps prevent phishing attacks and protects our clients from fraudulent emails.

Our email systems operate within a Virtual Private Cloud (VPC), providing an additional layer of security. The VPC isolates our email infrastructure, ensuring it remains protected from unauthorised access and external threats.

Oomph CRM adheres to SOC 2 Type II standards, ensuring that our data storage practices meet the highest levels of security, availability, and confidentiality. This certification demonstrates our commitment to safeguarding sensitive information.

As an ISO 27001-certified organisation, we follow internationally recognised best practices for information security management. This certification highlights our dedication to protecting our clients' data against risks.

For clients in healthcare and related industries, Oomph CRM complies with HIPAA regulations, ensuring that protected health information (PHI) is stored and managed securely.

Our platform meets PCI-DSS requirements, ensuring that any payment information processed through Oomph CRM is handled securely and in compliance with industry standards.

We follow CJIS compliance standards for clients handling criminal justice information, ensuring all data meets rigorous security requirements mandated by law enforcement agencies.

Oomph CRM is fully GDPR-compliant, ensuring the protection of personal data and respecting the privacy rights of our clients and their users, especially for those based in the EU.

We follow CIS Benchmarks to maintain best practices for system configuration and security. These guidelines ensure that our systems are hardened against vulnerabilities and remain resilient against threats.

For clients requiring ITAR compliance, we offer secure storage and handling of controlled data, ensuring adherence to strict regulations governing the export and security of defence-related information.

Oomph CRM utilises FIPS 140-2 compliant encryption for sensitive data, meeting rigorous federal security standards and providing enhanced protection for our clients’ information.