Trust & Security
How we protect your pipeline data.
Revenue Navigator processes your organisation’s CRM data to surface pipeline intelligence. That means you are trusting us with some of your most sensitive commercial information. We take that seriously, and we want to be transparent about how we protect it.
This page describes our current security posture. We do not claim certifications we do not hold. Where our programme is still maturing, we say so.
Security is built into how we develop, deploy, and operate Revenue Navigator — not added on afterwards. Our baseline controls are designed for the data sensitivity of B2B SaaS revenue teams: encryption everywhere, strict access controls, and no unnecessary data retention.
Encryption in transit
All data exchanged between your browser, our platform, and our infrastructure is encrypted using TLS 1.2 or higher. We do not support legacy cipher suites.
Encryption at rest
Customer data stored within the Revenue Navigator platform is encrypted at rest using AES-256. This includes CRM data, pipeline records, and any derived insights.
Access controls
Access to production systems is restricted to authorised personnel only, using least-privilege principles. Multi-factor authentication is required for all internal systems access.
CRM data isolation
Each customer's CRM data is logically isolated. No customer's data is commingled with another's, and no data is used to train shared models without explicit consent.
Secure development
We follow secure development practices including dependency scanning, code review for security issues, and automated checks in our CI/CD pipeline.
Incident response
We maintain an incident response process to detect, contain, and notify affected customers of any security event in a timely manner.
We process your CRM and revenue data solely to provide the Revenue Navigator service as described in our customer agreement. We do not sell customer data, share it with third parties for advertising, or use it to train AI models shared across customers.
Data is retained for the duration of your agreement and deleted within 30 days of termination. You may request early deletion at any time. For full details on how we process personal data on behalf of our customers, see our Data Processing Agreement.
All customer personal data is processed and stored within the European Union. We use EU-based cloud infrastructure throughout the Revenue Navigator platform. No customer data is transferred outside the EEA without appropriate safeguards — where any such transfer is required (for example, to engage a sub-processor), we rely on Standard Contractual Clauses under Commission Decision 2021/914.
Strategos Analytics acts as a data processor under GDPR Article 28. We maintain a current list of sub-processors, available on request at privacy@strategos-analytics.com.
We are building towards formal third-party certification. Our programme is designed around SOC 2 Trust Service Criteria from the outset — not retrofitted once we reach scale.
If your organisation has specific compliance requirements that Revenue Navigator must satisfy, contact us to discuss whether we can meet them at this stage. We respond to every credible enterprise security enquiry.
If you believe you have found a security vulnerability in our website or platform, please report it to us responsibly before disclosing it publicly. Contact us at security@strategos-analytics.com. We will acknowledge your report within 2 business days and keep you informed as we investigate and remediate.
For security-related questions or enterprise security reviews, contact us via our contact form or email security@strategos-analytics.com.