Our priority is to make Luru the most reliable and secure RevOps platform. From inception, our goal was to ensure peace of mind for our customers. We take security very seriously.
We continually invest in and upgrade our information security policies and practices. We are SOC 2 Type 1 compliant and GDPR ready.
We only store schemas and access control details from your CRM. To access any records, we make just-in-time API calls to fetch the data, and it resides only temporarily in your browser. None of it is stored in Luru databases.
Luru honours your CRM permissions and can only access the data that a given user has permissions for.
Luru is built as a pure multi-tenant SaaS application. At the data layer, all customer accounts are logically isolated, with data access limited only to the account’s users.
All customer data is stored within AWS and encrypted at rest, providing an added layer of security. Protecting data at rest with encryption and access controls reduces the risk of unauthorized access.
All customer data is encrypted in transit using the Transport Layer Security (TLS) protocol. Insecure protocols, such as HTTP, are either redirected to HTTPS or blocked using AWS security groups.
You access Luru using your CRM login, which means we automatically follow the SSO configuration that your CRM uses. If you use MFA for your CRM login, it also cascades to Luru logins.
A philosophy of least privilege underpins our approach to access controls. Employees have only the minimum level of access required to do their jobs. All Luru employees undergo continuous security awareness training.
Our infrastructure is regularly scanned for vulnerabilities. Additionally, we work with third-party penetration testing providers to uncover security loopholes and threats. Our latest penetration testing was done on 25 Sep 2023. The report is available on request.
All data stored by Luru is backed up daily. To prevent data loss, we regularly restore and test all backups.
All customer data is stored and backed up in highly secure AWS data centers. Please check AWS’s data center page to learn more about their practices.
We follow an iterative approach to investigate issues, contain exploitations, remediate vulnerabilities, and document lessons learned.
These are the only CRM data that we store:
1. Notes that are created in Luru: both private notes (i.e., notes that are not synced to CRM) and synced notes (that are also synced to CRM objects). We store these because notes created in Luru are "smart" notes that can contain embedded tasks, fields and collections.
2. Email ID and user ID of connected users (as given by the connected CRM), along with user tokens to access connected services on their behalf.
3. Some non-CRM record data that we cache for performance reasons:
- User access details for CRM records i.e., whether a user has read / edit / delete access to records that are accessed.
- Schemas of each CRM object: Schemas contain the list of fields and the properties of each field (such as label, data type of the field, allowed values in case of picklist, etc.).
- List of Slack / Teams / GChat channels and users. This includes user and channel properties.
- List of all CRM objects along with their properties.