How we protect data and accounts

Crumm is built to protect customer data, account access and business information with care. On this page we explain the technical and organizational measures we take, without publishing sensitive implementation details.

What you can expect from us

We combine application, session, access and operational security controls. This reduces risk, limits access to sensitive areas, records important actions and helps us respond faster if something goes wrong.

1. Protected access

• Accounts are protected with strong password handling and secure session management.
• Multi-factor authentication with an authenticator app is available and enforced for high-risk administrative actions.
• Access to sensitive areas is restricted based on roles and permissions.

2. Protection of sensitive data

• Sensitive data is encrypted or hashed at rest where appropriate.
• Recovery codes and similar security data are not stored in readable form.
• Data exchange takes place over secure connections.

3. Protection against abuse

• We limit and monitor sensitive flows such as login, account security and administrative actions.
• The platform uses security headers and a strict Content Security Policy to reduce common browser-based attacks.
• Sensitive changes are only allowed within controlled sessions and protected server-side flows.

4. Visibility and control

• Important administrative and security actions are logged for review and follow-up.
• We keep visibility into settings, dependencies and operational security checks.
• When anomalies or risks appear, we can investigate and take appropriate action.

5. Ongoing maintenance

• We periodically update security measures, dependencies and internal processes.
• Backups and recovery measures are part of our operational setup.
• Security is included in new feature work, documentation and release checks.

Also read our privacy policy for information about which personal data we process and why.

Last updated: 24-03-2026