Toolkit CRM is a CRM application designed for financial advisors and their firms to manage their clients and work collaboratively as a team. The product is owned, operated, and supported by Blue Square Apps, Inc., located in Kelowna, BC.
We understand that our customers expect us to protect their data with the highest standards and are committed to providing them with a highly secure and reliable environment. Our security model and controls are based on international standards and industry best practices, such as ISO/IEC 27001.
With world-class infrastructure and a host of CRM privacy and security features, from user permissions to two-factor authentication, we are committed to protecting your data and keeping you informed on all levels and at all times.
Toolkit CRM follows best practices for application development to maintain a high level of security in the codebase. User data is stored on US and Canadian data servers and protected with bank-level encryption, two-factor authentication, and session time-out.
Secure infrastructure is probably the most prominent piece of your security puzzle. It's meant to ensure your foundation is rock solid and reliable so that security on all levels can be maintained at all times.
With Toolkit, you benefit from world-class hosting infrastructure from Google, state-of-the-art encryption for all data, whether at rest or in transit over public networks, and daily backups.
Furthermore, our infrastructure is protected using multiple layers of defense mechanisms, including:
- Firewalls that enforce IP whitelisting and restrict access to network resources to permitted ports only
- DDoS mitigation and rate limiting
- Advanced routing configuration
We enforce password strength requirements and give users the option to enable two-factor authentication (2FA).
With two-factor authentication, Toolkit users enter a code from their mobile phone, adding an extra layer of security for their account.
Toolkit's data centers are hosted on Google Cloud Platform infrastructure, where leading physical security measures are employed.
Toolkit's data center locations are:
- United States (Google)
- Canada (Google)
Google's data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
Google maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the Google Compliance website, and you can read more about the specifics of their approach at https://cloud.google.com/security
Physical security in our offices includes personal identification-based access control, CCTV, and alarm systems.
Toolkit encrypts all data in transit:
- Traffic is encrypted using TLS 1.3 with a modern cipher suite; the minimum supported version is TLS 1.0
- User data is encrypted across our infrastructure using AES-256 or better
- Credentials are hashed and salted using a modern hash function
Toolkit is committed to providing continuous and uninterrupted service to all its customers. We back up user data every day. All backups are encrypted and distributed to various locations to prevent data loss. We also have the ability to perform data recovery of our database in the event of a system-wide emergency.
Toolkit uses the PCI-compliant payment processor Stripe for encrypting and processing credit card payments. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. We do not store credit cards on our systems.