---
title: CRM Exit Security and Data Handling
description: How CRM Exit approaches source access, migration copies, Shadow Mode, destination security, audit evidence, retention, and deletion.
---

# Security is part of the exit method

CRM exits involve customer histories, personal data, contracts, communications, files, permissions, and operational workflows. Security cannot be deferred until after the migration design.

## Our approach

- Request least-privilege source access appropriate to the agreed scope.
- Do not collect production credentials through website forms.
- Encrypt transfers and stored migration data.
- Restrict and audit access.
- Separate customer environments.
- Control Shadow Mode side effects.
- Define retention and deletion before extraction.
- Preserve evidence of mappings, reconciliation, exceptions, and approvals.
- Document subprocessors and deployment locations.

## Business Case Generator and forms

The initial Business Case inventory and calculation run in the browser. Values are sent only when the visitor explicitly attaches the calculated case to the contact form and submits it. Website forms collect only qualification and response information; they do not accept CRM exports, customer records, passwords, or API tokens.

Public agent endpoints are read-only. They expose method, schema, source, claim, taxonomy, and synthetic example data. They do not accept private Business Case inputs.

## Customer-specific security pack

Qualified projects can receive architecture, data flow, subprocessors, access controls, retention/deletion, incident response, backup/restoration, and deployment information appropriate to the proposed operating model.

## Current assurance boundary

CRM Exit does not claim certifications or regulatory compliance that have not been independently verified for the relevant service and deployment scope. Use the contact form to request the security information available for a proposed project. Do not submit vulnerability details, credentials, or customer data through the public form.

**CTA:** Request the security pack
