Security at Wefire

Your sales data is the lifeblood of your business. We treat it that way.

Security is not an afterthought at Wefire. It is built into every layer of the platform, from how we store your data to how we handle AI requests. This page explains exactly what we do to protect your information.

Data Encryption

All data stored in Wefire is encrypted at rest using AES-256, the same encryption standard used by financial institutions and government agencies. Every database record, every file, every backup is encrypted before it touches disk.

All data in transit is protected with TLS 1.3, the latest version of the Transport Layer Security protocol. Every connection between your browser and our servers, between our servers and third-party services, and between internal systems is encrypted. There are no exceptions.

API keys and other sensitive credentials you provide, such as keys for AI providers, are encrypted with AES-256 before storage. They are never stored in plaintext.

Infrastructure Security

Wefire is hosted on enterprise-grade cloud infrastructure with an uptime guarantee and SOC 2 compliance. Our infrastructure providers maintain rigorous security certifications and undergo regular third-party audits.

We use a multi-tenant architecture with complete data isolation between organizations. Your data is separated from every other customer’s data at the database level through row-level security policies. More than 30 security policies enforce this separation, preventing unauthorized access across organizational boundaries.

These are not application-level checks that can be bypassed. They are enforced at the database layer. Even if an application-level bug were introduced, the database itself would reject unauthorized queries.

Authentication and Access Control

Authentication is powered by Supabase, a trusted infrastructure provider used by thousands of production applications. We support multiple secure authentication methods:

• Email and password with secure hashing and salting
• Magic links for passwordless login via email
• Secure session management with automatic token rotation and expiration

Access is controlled at the organizational level. When an account is suspended, access is revoked instantly. There is no grace period and no lingering sessions. Role-based permissions ensure team members only see and do what they are authorized to.

Audit and Compliance

Every action in Wefire is logged. Who did what, when, and to which record. This includes logins, data changes, exports, permission changes, and administrative actions.

This audit trail serves two purposes. First, it gives you visibility into how your team uses the platform. Second, it provides the documentation you need for compliance requirements and internal investigations. Logs are retained and available for review.

AI and Data Privacy

Wefire integrates with multiple AI providers, including Anthropic Claude, OpenAI GPT, Google Gemini, and xAI Grok. You choose which provider powers your AI sales assistant. Here is how we handle your data when AI features are involved:

Your CRM data is never used to train AI models. This is a founding principle, not a marketing claim. Your contacts, your deals, your emails, and your notes are yours. They are never fed into training pipelines.

When you use AI features, your request goes to your selected provider and the response returns to you. We do not store AI requests or responses beyond what is needed to display results in your account.

Bring Your Own API Key. If you prefer, you can use your own API key with any supported provider. When you do, your data relationship is directly with that provider under your own agreement. Wefire acts as the interface, not the intermediary. You can learn more about supported providers on our AI integrations page.

Your Data, Your Control

Your data belongs to you. You can export it at any time, in full, without restrictions. There are no lock-in tricks and no proprietary formats.

If you decide to leave Wefire, your data remains available for export. If you want your data deleted, we will delete it on request. No hoops. No waiting periods beyond what is necessary for processing.

We do not sell your data. We do not share it. We do not use it for any purpose other than providing you the service you signed up for.

For full details on how we handle your information, see our Privacy Policy.

Frequently Asked Questions

Is my data encrypted?

Yes. All data is encrypted at rest with AES-256 and in transit with TLS 1.3.

Is my data used to train AI models?

No. Your CRM data is never used to train any AI models. When you use AI features, requests go to your selected provider and return to you.

Can I export my data?

Yes. You can export your data at any time. Your data belongs to you.

What happens if I cancel?

Your data remains available for export. After the retention period, it is permanently deleted upon request.

If you have security questions or need to report a concern, contact us.