Trust Center
This page brings together the security, privacy, infrastructure, and assurance details that customers, procurement teams, and security reviewers typically look for during vendor evaluation.
Trust Overview
Competitor trust centers from vendors like HubSpot, Pipedrive, Salesforce, and Zoho generally make procurement easier by centralizing answers around certifications, privacy, subprocessors, and controls. We use that same structure here while keeping every claim aligned to what is currently reflected in this repository.
Primary certification
SOC 2 Type II
Encryption
AES-256 at rest and TLS 1.3 in transit
Identity controls
RBAC, MFA, and SSO support
Hosting footprint
AWS in U.S. regions
Certifications & Compliance
SOC 2 Type II
HelloGrowthCRM publicly positions SOC 2 Type II as its primary independent security certification.
Encryption
Current trust materials reference AES-256 encryption at rest and TLS 1.3 encryption in transit.
Hosting
Current infrastructure references indicate AWS-hosted environments in U.S. regions including Virginia and Ohio.
Resilience
Operational controls are described around backups, recovery readiness, and service reliability.
Security Practices
These are the control areas most often reviewed during CRM security and vendor diligence.
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication
- SSO via SAML 2.0 / OIDC
- Administrative access controls
Data Protection
- AES-256 encryption at rest
- TLS 1.3 in transit
- Backups and recovery processes
- Infrastructure protection controls
Monitoring and Response
- Security monitoring
- Incident response procedures
- Regular security reviews
- Annual penetration testing references
Governance
- SOC 2 Type II oversight
- Vendor and subprocessor review
- Operational security controls
- Change and access management practices
Reviewer Summary
Most security reviews focus on a consistent set of questions. This section summarizes how HelloGrowthCRM currently answers those questions at a high level.
Infrastructure
Public product materials reference AWS-hosted infrastructure in the United States together with backup and recovery-oriented controls.
Identity and Access
Current trust references include RBAC, MFA, and SSO support to help customers control user access and reduce account risk.
Operational Assurance
Current materials reference SOC 2 Type II, penetration testing, monitoring, and incident response as part of the platform’s operating model.
Subprocessors
These are the main provider categories currently referenced across the product and website experience.
| Service | Purpose | Location |
|---|---|---|
| AWS | Cloud infrastructure and hosting | USA |
| Stripe | Payment processing | USA |
| Resend | Transactional email delivery | USA |
| Twilio | Voice, SMS, and WhatsApp workflows | USA |
| ElevenLabs | AI voice features | USA |
| OpenAI | AI-assisted product features | USA |
| Google AI | AI-assisted product features | USA |
| Google Analytics | Website analytics | USA |
| Microsoft Clarity | Website behavior analytics | USA |
| Calendly | Meeting scheduling | USA |
Incident Response
Detection
Security monitoring and operational controls are used to identify suspicious events and potential incidents.
Assessment
Events are triaged to evaluate scope, impact, severity, and required remediation actions.
Containment
Where needed, we restrict access, rotate credentials, isolate affected components, or apply additional mitigations.
Recovery and notice
We restore operations, document remediation, and provide notice where required by law or contract.
SOC 2 Type II Focus
We kept this section concise and easy to review because independent assurance is one of the first things enterprise buyers compare across trust centers.
Security
Trust service criteria highlighted in current materials
Availability
Trust service criteria highlighted in current materials
Confidentiality
Trust service criteria highlighted in current materials
Questions About Security?
Contact us for follow-up questions related to security review, compliance discussions, or procurement diligence.