Security & privacy

No bullshit when dealing with your data

Updated over a month ago

As a CRM provider, security is a major concern for us.

We understand our customers will host sensitive data for their business on our platform, which requires a high level of trust. That’s why we want to provide the best possible security coverage of our platform and data.


SOC2 compliance

SOC2 is a general security framework, published by an American organisation called AICPA (American Institute of Certified Public Accountants), under which we have to comply with a defined list of criteria. SOC means “systems and organisation control”.

We are certified SOC2 type 1 this year (2024-2025).

GDPR compliance

We are fully GDPR compliant and perform frequent security audits approved by Google. folk can store a broad range of data for its members:

  • Various “technical data” like the data source, update date, creation date, groups, language, etc., which may include identifiers like external IDs, hobbies, web URLs, and social media links.

  • “Personal data” of members and their contacts, including initials, phone numbers, pseudonyms, addresses, birthdates, gender, email, role, company name, photos, and first names.

We do not transfer or sell personal data to any third parties. We use the collected information for the purpose of providing and improving the service, identifying and communicating with users, and responding to valid legal processes and requests from government authorities. Users have the right to access, modify, and oppose the processing of their personal data, and to obtain a copy of it in a structured, readable format.

About our technical platform

Our platform is hosted on Amazon Web Services (AWS) in the North Virginia region (us-east-1).

We use services that are able to scale and deploy them across multiple availability zones in the region. We follow AWS recommendations on the use of their services to ensure continuity.

The technical team is the only one that has access to the production environment. Each team member authenticates using a unique login/password with MFA enforced for each member. Password rotation is enforced every 90 days.

We use some third-party services to support some of our features. We always check that their level of service and their security level comply with our expectations for the folk service.

Safety of data

Our storage is encrypted at rest and all our data systems use secure protocols to communicate. We have never suffered a breach involving data theft.

For more information, please refer to our terms of use and privacy policy.

If you have any questions on this topic, please email us at privacy@folk.app.