Early adopter pricing — lock in your rate before it goes up.Lock in early adopter pricing today.Book a free demo

Security

Your Data Is Your Business. Only Yours.

This page describes our current security practices. It is provided for informational purposes and does not create contractual obligations beyond those set forth in our Terms of Service and Privacy Policy.

Our Approach

We built Raabto with the principle that your CRM data belongs to you. Security is not an afterthought — it is foundational to how we design, build, and operate the platform.

Infrastructure & Encryption

Data transmitted between your browser and our servers is encrypted using TLS. Sensitive data such as passwords, third-party credentials, and API tokens are encrypted at rest using industry-standard algorithms. Passwords are irreversibly hashed and are not stored in readable form.

Access Controls

Our team does not access your CRM data in the ordinary course of business. Access controls are enforced at the system level, not just through company policy. Platform administrators manage accounts, billing, and support — but do not have routine access to your contacts, messages, or customer records.

Account Isolation

Each customer workspace is isolated at the database level. Your data is isolated from every other account on the platform. This isolation is enforced through account-scoped queries verified with automated testing.

Authentication

Sessions are short-lived and expire automatically. Two-factor authentication is available. Verification codes expire within minutes and are not stored after use. Account recovery includes a built-in safety window with email alerts to help detect unauthorized access attempts.

AI Features

When you use our AI-assisted writing features, your draft message content is processed by our AI providers (Anthropic and OpenAI) to generate suggestions. Only the content you submit to the AI feature is sent to AI providers. AI providers are prohibited under their API terms from using your content to train models. AI features are optional and can be disabled at any time.

Third-Party Services

We use a limited number of trusted service providers to operate the platform, including for hosting, error diagnostics, and communications. Our providers are required under their terms of service to maintain appropriate security standards. Details are available to enterprise customers through a Data Processing Agreement.

Your Data, Your Control

You can export your data at any time during your active subscription. You can request account deletion and all data is removed from our production systems. Encrypted backups are purged on their regular rotation schedule.

Incident Response

We monitor for suspicious activity across the platform. Security events are logged with audit trails. If an incident affects your account, we will notify you in accordance with our Privacy Policy. In the event of a security breach, we comply with applicable breach notification laws.

Compliance

Raabto is designed to comply with PIPEDA (Canada’s federal privacy law) and is designed to meet the privacy requirements of Apple, Google, and Meta platforms. We are committed to pursuing SOC 2 Type II certification as the platform matures. If you have specific compliance requirements, contact security@raabto.com.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@raabto.com. We take all reports seriously and will respond promptly. We do not intend to take legal action against researchers who report vulnerabilities responsibly and in good faith, provided they do not access, modify, or delete customer data.

Questions?

Have security questions? Reach out at security@raabto.com

We’re happy to discuss our practices in detail with your IT or compliance team.