TransferCRM carries VIP itineraries, corporate contracts and payment flows. We treat that responsibility as the product — European hosting, strict tenant isolation and backups we actually rehearse restoring.
Production systems and backups live in the European Union. Your data never needs a transatlantic excuse.
Every record is scoped to your workspace at the database layer. No shared lists, no cross-tenant leaks.
Six roles with least-privilege defaults, two-factor authentication, and session revocation when a phone goes missing.
TLS on every connection, encrypted storage at rest, hashed credentials — the boring hygiene done properly.
Snapshots every 15 minutes, nightly encrypted archives kept off-site, and an automated weekly restore drill that proves they work.
Card data never touches our servers — payments run on your own PCI-DSS compliant Stripe account.
A DPA is part of every subscription, with our subprocessors listed publicly in the legal notice.
Export any client's data or erase it on request — tools for data-subject rights are built into the CRM.
Logs and personal data follow documented retention periods instead of living forever.
Stripe, Google, Pusher and our EU hosting provider — the full list stays public and current.
Write to hello@transfercrm.com with the details. We read every report, respond quickly and credit responsible disclosure.
Security questions before you commit? We answer procurement and DPO questionnaires for Business and Enterprise plans. Contact→