SalesMonitor
FI·SV·EN
Back to home

Security

Effective: 21 May 2026 Last updated: 21 May 2026 Version: 1.0

SalesMonitor's security is designed to meet modern SaaS standards. This page summarises our key security practices.

1. Infrastructure

  • Cloudflare Pages hosts the website and app frontend on a global edge network
  • Cloudflare Workers runs serverless backend logic close to users
  • Customer data is stored in Supabase EU (Stockholm)
  • Cloudflare WAF and DDoS protection are enabled
  • TLS 1.2+ is enforced; HSTS is active

2. Encryption

  • All traffic is encrypted with TLS 1.2 or later
  • Data at rest is encrypted with AES-256
  • Secrets (API keys, tokens) are stored in isolated stores
  • Backups are encrypted

3. Access control

  • Passwords are hashed with bcrypt (or an equivalent modern algorithm)
  • Two-factor authentication is recommended for customers and mandatory for staff
  • Role-based access control and the principle of least privilege

4. Monitoring

  • Logging of logins and critical actions
  • Automated detection of anomalous activity
  • 24/7 monitoring of production systems

5. Incident response

  1. Detection
  2. Containment
  3. Recovery
  4. Notification to customers without undue delay and to the supervisory authority within 72 hours (GDPR art. 33)
  5. Root-cause analysis and improvements

6. Backups

  • Daily backups of all customer data
  • Point-in-time recovery via Supabase
  • Backups retained for 30 days

7. Business continuity

  • RTO: 24 hours
  • RPO: 24 hours
  • Documented recovery plan

8. Third parties

All sub-processors have a DPA with us. Provider selection considers certifications (SOC 2, ISO 27001). The list of sub-processors is in the privacy policy.

9. Responsible disclosure

Send security findings to info@salesmonitor.io with the subject "Security finding". We aim to respond within 5 business days and ask that findings are not published until the issue is resolved.

10. Compliance

  • GDPR (EU 2016/679)
  • Finnish Data Protection Act (1050/2018)
  • SOC 2 and ISO 27001 are on our longer-term roadmap

Contact

Email: info@salesmonitor.io Security findings: info@salesmonitor.io (subject: "Security finding")