Security at Preflight
Preflight exists to make CRM changes safe. That starts with how we handle your data.
OAuth-only CRM access
Preflight never sees your CRM password. HubSpot and Salesforce connect through their standard OAuth flows with the minimum scopes needed to read and write CRM records. You can revoke access at any time from the CRM's own settings or from Preflight's Connections page.
Tokens encrypted at rest
CRM access and refresh tokens are encrypted with AES-256-GCM before they're stored. Encryption keys live only in the runtime environment — never in the database or the codebase.
Tenant isolation by workspace
Every client workspace has its own CRM connections, imports, mappings, and audit trail. Access is enforced at the database layer with row-level security plus application-level membership checks, and agency roles control who sees which workspaces.
Staging reads, explicit writes
During staging, Preflight only reads your CRM to compute the diff. Nothing is written until a person reviews the staged report and clicks push — and client-shared reports are strictly read-only.
Reversible by design
Preflight snapshots destination values before every push, so any import, migration, or bulk update can be rolled back. Both the push and the rollback are recorded permanently in the audit log.
Infrastructure
Preflight runs on Vercel with data stored in Supabase (PostgreSQL) — both SOC 2 Type II audited providers. Payments are processed by Stripe; card details never touch Preflight's servers. All traffic is encrypted in transit with TLS.
Security questions or disclosures
Reach us at hello@getpreflight.co. We respond to security reports as a priority.
