SpaceCRM / Trust & Security
Enterprise-grade security for teams of every size.
SpaceCRM is built on a security-first foundation. SOC 2 Type II audited, GDPR compliant, encrypted in transit and at rest, with EU data residency available on Business and Enterprise plans.
Active Certifications
03 verifiedIndependently audited security and availability controls
EU data protection regulation with full DPA support
Backed by a contractual service-level agreement
Compliance & Security
06 pillarsSOC 2 Type II
Independently audited security and availability controls. The SOC 2 Type II report covers a full 12-month observation period and is renewed annually.
GDPR CompliantVerified
Full data processing agreement (DPA) on request. EU data residency available on Business and Enterprise plans. Right to erasure, portability, and access supported out of the box.
Encryption
TLS 1.3 in transit. AES-256 at rest. Customer-managed encryption keys (CMEK) available on Enterprise. Hardware security modules protect signing keys.
Data Residency
EU and US data center regions available. Customer data does not leave the region you choose. Backups encrypted and stored in the same region.
Identity & Access
SAML 2.0 single sign-on, SCIM provisioning, role-based access controls (RBAC), two-factor authentication enforced for all admin accounts, full audit log retention for 2 years.
Uptime
99.9% uptime SLA on Business and Enterprise plans, backed by service credits. Public status page at status.spacecrm.net.
Full Posture
04 signals trackedSub-Processors
08 vendorsUpdated quarterly. For the full sub-processor agreement and 30-day change notice, see our Privacy Policy.
Security & Compliance
Questions about our security posture?
We respond to security questionnaires within 2 business days. SOC 2 reports and DPAs available under NDA.