Security & privacy

As a CRM provider, security is a high concern for us.

We understand our customers will host sensitive data for their business on our platform, which requires a high level of trust. That’s why we want to provide the best possible security coverage of our platform and datas.

SOC2 is a general security framework where we have to comply on a defined list of criteria and published by an american organisation called AICPA (American Institute of Certified Public Accountants). SOC means “systems and organisation control”.

We are certified SOC2 type 1 this year (2024-2025).

We are fully GDPR compliant and are performing frequent security audits approved by Google. folk can store a broad range of data for its members:

We do not transfer or sell personal data to any third parties. We use the collected information for the purpose of providing and improving the service, identifying and communicating with users, and responding to valid legal processes and requests from government authorities. Users have the right to access, modify, and oppose the processing of their personal data, and to obtain communication of them in a structured, readable format.

Our platform is hosted on Amazon Web Services (AWS) in North Virginia regions (us-east-1).

We use services able to scale and deploy them on multiple availability zones in the region, we follow AWS recommendation on their services usage to ensure continuity.

The technical team is the only one that has access to the production environment. Each team member authenticates using a unique login/password with MFA enforced for each member. Password rotation is enforced every 90 days.

We use some third parties services to support some of our features, we always check their level of service and their security level comply with our expectations for folk service.

Our storages are encrypted at rest and all our data systems use secure protocols to communicate. We have never been breached for data theft.