FAQ: Data Security and Privacy
Common questions about how HARi CRM protects your data.
Where is my data stored?
Section titled “Where is my data stored?”Your data is stored on secure servers with enterprise-grade infrastructure. Data residency options are available for organizations with specific geographic requirements.
Is my data encrypted?
Section titled “Is my data encrypted?”Yes. All data is encrypted in transit using TLS 1.3 (the same encryption used by banks). Data at rest is also encrypted using AES-256 encryption.
Who can access my data?
Section titled “Who can access my data?”Only users in your organization with valid credentials can access your data. HARi support staff can only access your data with your explicit permission for troubleshooting purposes. We never sell, share, or use your data for advertising.
Do you back up my data?
Section titled “Do you back up my data?”Yes. Automated backups run daily with a 30-day retention period. In the event of data loss, we can restore your data to any point within the last 30 days.
What happens to my data if I cancel?
Section titled “What happens to my data if I cancel?”Your data is retained for 90 days after cancellation in case you want to reactivate. After 90 days, it is permanently deleted from our servers, including all backups.
Can I export all my data?
Section titled “Can I export all my data?”Yes, at any time. Go to Settings > Import/Export to export any or all of your entities as CSV files. You always own your data and can take it with you.
How do you handle passwords?
Section titled “How do you handle passwords?”Passwords are hashed using industry-standard algorithms (bcrypt). We never store passwords in plain text. Even HARi administrators cannot see user passwords.
Do you support two-factor authentication (2FA)?
Section titled “Do you support two-factor authentication (2FA)?”Yes. Users can enable 2FA in their profile settings. We support authenticator apps (TOTP-based).
What about GDPR compliance?
Section titled “What about GDPR compliance?”HARi is designed with privacy by design. You can delete individual records, export all personal data, and manage consent — the core capabilities needed for GDPR compliance. We also offer a Data Processing Agreement (DPA) for organizations that require one.
How do I report a security concern?
Section titled “How do I report a security concern?”If you discover a potential security vulnerability, please contact us immediately. We take all security reports seriously and respond within 24 hours.
Still have questions?
Section titled “Still have questions?”Contact our team for detailed security documentation or to discuss specific compliance requirements for your organization.