Security Policy
Last updated: March 25, 2026
Our Commitment
Security is at the core of everything we do at Crush Security. We are committed to protecting the confidentiality, integrity, and availability of our customers' data through industry-leading security practices.
Infrastructure Security
- Cloud hosting: Our platform is hosted on Microsoft Azure with enterprise-grade security controls.
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Network security: Multi-layered network protection including firewalls, DDoS mitigation, and intrusion detection.
- Isolation: Customer data is logically isolated with strict tenant separation.
Authentication & Access
- Enterprise SSO via Microsoft Entra ID (Azure AD)
- Role-based access control (RBAC) with least-privilege principles
- Multi-factor authentication support
- Session management with automatic timeout
Data Protection
- Regular automated backups with point-in-time recovery
- Data residency options to meet regional compliance requirements
- Comprehensive audit logging of all data access
- Data retention policies aligned with customer agreements
Security Operations
- 24/7 infrastructure monitoring and alerting
- Regular vulnerability assessments and penetration testing
- Dependency scanning and software composition analysis
- Incident response plan with defined escalation procedures
Responsible Disclosure
We welcome reports from security researchers. If you discover a vulnerability, please contact us at info@crushsecurity.com. We are committed to working with the security community to verify, reproduce, and respond to legitimate reports.
Compliance
Our security practices are designed to align with industry standards and regulatory requirements, including SOC 2, ISO 27001, and GDPR. For compliance inquiries, contact info@crushsecurity.com.
Contact
For security questions or to report an issue, reach us at info@crushsecurity.com.
