With SteepRock, your data is safe and confidential. We don’t rely on a public-domain cloud, unlike many CRM providers who relinquish control to Amazon or Google. Our customers’ data is securely stored on SteepRock’s private servers, which are exclusively managed by and accessible to SteepRock engineers.

Physical security (Data centers)

  • SSAE 16 Type II (formerly SAS 70) audited
  • Keycard access and 24h staffed reception desk
  • Multiple biometric scanning protocols (hand/palm/retina)
  • 24/7/365 video monitoring
  • Locked cabinets
  • Physically separate network operations centers (NOCs)

Logical security (Networks and servers)

  • Swiss and EU Data Protection Directive Safe Harbor certified hosting
  • Firewalls only accept traffic from recognized hosts
  • End-to-end encryption (SSL)
  • Only essential ports and services are accessible
  • No direct access to databases
  • Logically separate networks
  • Data abstraction layer (avoids SQL injection vulnerabilities)
  • Databases only accessible via the application, not from outside
  • Multiple redundant backups and fail-over for all production services