Security & data
Your data, your server
GawendaCRM runs on your own infrastructure. Customer data does not sit in a foreign, possibly non-European cloud, but where you decide. Your data belongs to you, and you operate GawendaCRM yourself under a perpetual licence.
Control access finely
Roles and permissions apply down to the detail: you define who may see, edit, delete or only read contacts — differently per area. So each person sees exactly what they need for their work.
Traceable & GDPR-compliant
Changes are logged (audit log), transfers are encrypted. Because the data sits with you and access is controlled, GawendaCRM can be operated in compliance with data protection law; for maintenance access involving personal data we conclude a DPA under Art. 28 GDPR.
Why this gives you peace of mind
A CRM in particular contains the most valuable thing a business has: its customer relationships. That this data stays in your own house and access is clearly regulated is no detail but responsibility — built in here.
Sign-in & retention
Every sign-in is additionally secured by a two-factor code: a 6-digit code by email, “stay signed in” lasts at most 30 days. Submissions can be given a retention period per form — once it expires they are removed automatically, including files, while your contacts remain. Tenant separation is checked and hardened in regular security reviews, most recently in July 2026.