← EmilCRM

Security

Your data, your server. EmilCRM is single-tenant and self-hosted, so the people who can see your CRM are the people you give keys to — and that doesn't include us.

Single-tenant & self-hosted

Your contacts and pipeline live in your own Neon Postgres database, on your own Vercel project. There is no shared multi-tenant database — your data never sits next to anyone else's.

We have no access

Because you host it, EmilCRM (the seller) cannot read, export, or recover your CRM data. You hold the credentials.

Authentication

An optional single-password gate protects the app; the login session is a cookie signed with a secret only your instance knows (AUTH_SECRET). It's enforced whenever you set those values.

Separate key for automation

The prospecting endpoints (the Claude/Cowork connector) require their own bearer token (INGEST_TOKEN), distinct from your login password — so machine access and human access are isolated.

Encrypted in transit

Everything is served over HTTPS by Vercel.

Privacy-preserving licensing

To check your license, only the license key is sent to Lemon Squeezy — never your CRM data. If the license server is ever unreachable, the gate fails open so a paying customer is never locked out by an outage.

Your data is portable

Export a full JSON backup of everything anytime from Settings → Data & backup. Leave, move, or delete whenever you want — no lock-in.

Connectors run on your accounts

Apollo, Claude/Anthropic, and any Gmail/Calendar connectors use your own accounts under their own terms. You decide what flows where.

Honest limitations

Report a vulnerability

Found something? Please email emillundholm25@gmail.com rather than filing a public issue, and we'll get back to you.

Last updated: 26 June 2026