Security
Your customers' data doesn't belong to us
Succesvyx handles account data — CRM records, usage metrics, billing signals — on your behalf. We process only what's needed to generate health scores. We do not use customer data for model training. We do not share data across tenants.
Security controls
Encryption in transit and at rest
All data in transit is encrypted with TLS 1.2 or higher. Customer data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service.
Access controls
Role-based access control (RBAC) with least-privilege principles. All production access is logged and audited. Multi-factor authentication (MFA) is required for all internal engineers.
Infrastructure
Succesvyx runs on AWS infrastructure in the US-West-2 region. Systems are isolated per tenant. Automated infrastructure security scanning runs on every deploy.
Monitoring and incident response
24/7 automated infrastructure monitoring with alerting. We have a documented incident response plan and will notify affected customers within 72 hours of a confirmed breach.
Employee access
No Succesvyx employee accesses customer data without an explicit, logged, customer-approved support reason. Customer data is never used for model training without explicit opt-in consent.
SOC 2 Type II audit in progress
Our platform is designed with SOC 2 Type II controls in place. We are currently undergoing formal audit preparation and expect to have our SOC 2 Type II report available in late 2026.
Data handling practices
What data we process
Succesvyx processes customer account data that you provide via CRM, billing, and product analytics integrations. This includes account metadata (company name, contract value, renewal date), usage metrics, and relationship records. We do not process or store personal data about your end-users beyond what is required to generate health scores.
Data residency
All customer data is processed and stored in the United States (AWS US-West-2). We do not transfer customer data outside the US without explicit customer consent.
Data retention and deletion
We retain your customer data for the duration of your active subscription plus 30 days. Upon subscription cancellation, you may request full data deletion at any time within that 30-day window. Deletion requests are processed within 5 business days and confirmed in writing.
Sub-processors
We use a limited set of sub-processors (AWS, Stripe) and maintain a current list available on request. All sub-processors are contractually required to maintain equivalent security standards.
Questions and requests
For security questions, vulnerability disclosure, or data processing inquiries, contact us at [email protected].
Questions about how we handle your data?
Our team is happy to answer questions before you sign up.