Security & Trust
We treat your data with the same care we'd want applied to our own. Here's exactly how we protect it.
Encryption at rest & in transit
All data is encrypted with AES-256 at rest and with TLS 1.3 in transit. Database connections run over SSL.
Row-level security
Supabase RLS ensures workspace data is strictly isolated. No cross-tenant data access is architecturally possible.
No service-role keys in the browser
The marketing site uses only anon keys with RLS. Service-role keys never leave the server.
SOC 2 Type II (in progress)
We are currently pursuing SOC 2 Type II certification. The audit is in progress, with expected completion in Q3 2026.
Data residency
All data is processed and stored in the US (us-east-1). An EU data residency option is available for Enterprise.
Subprocessors
We maintain a published list of subprocessors. You can subscribe to change notifications and terminate the DPA if you object.
Responsible disclosure
If you discover a security vulnerability, please report it to security@crutan.com. We will acknowledge within 24 hours and keep you updated on remediation.
We do not pursue legal action against researchers who act in good faith and follow responsible disclosure guidelines.