OruCRM
Back to Home

Security at OruCRM

We take the security of your data seriously. This page outlines our commitment to protecting your information.

Last updated: February 3, 2026

Data Protection

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using secure protocols.

Encryption at Rest: Sensitive data including API keys and credentials are encrypted using industry-standard encryption.

Password Security: User passwords are securely hashed and never stored in plain text.

Access Control

Role-Based Permissions: Granular access controls ensure team members only access what they need.

Session Management: Automatic session expiration and invalidation when credentials change.

Email Verification: New accounts require email verification before activation.

Monitoring & Audit

Activity Logging: Significant actions are logged for security review and compliance.

Access Tracking: Login attempts and account activity are monitored.

Change History: Data modifications are tracked for accountability.

Webhook Security

Secret Validation: Webhook endpoints are protected with unique secret keys.

IP Restrictions: Optional IP allowlisting to restrict webhook sources.

Request Verification: Protection against replay attacks and unauthorized access.

AI Privacy

Data Minimization: Only necessary data is processed for AI analysis.

No Raw PII: Personal information is aggregated or anonymized before AI processing.

Read-Only Analysis: AI features cannot modify your data.

Account Security

Organization Isolation: Data is strictly separated between organizations.

Secure Deletion: Deleted data is permanently removed after a recovery period.

Data Export: Full data export available before account closure.

Security Best Practices

We recommend the following practices to keep your account secure:

  • Use a strong, unique password for your OruCRM account
  • Do not share your account credentials with others
  • Keep your webhook secrets confidential
  • Regularly review team member access and remove unused accounts
  • Log out from shared or public computers

Vulnerability Disclosure

We appreciate the security community's efforts in helping us keep OruCRM secure. If you discover a security vulnerability, please report it responsibly.

How to Report

  • Email your findings to security@orucrm.com
  • Include steps to reproduce the vulnerability
  • Allow us reasonable time to address the issue before public disclosure

Our Commitment

  • We will acknowledge receipt of your report promptly
  • We will keep you informed of our progress
  • We will not pursue legal action against researchers acting in good faith

Contact

For security-related inquiries, please contact us at: security@orucrm.com