Your financial data is among the most sensitive information your business holds. We built beCrystal with security as a foundation, not an afterthought.
We hold ourselves to the standards your enterprise procurement team expects.
Our security controls have been independently audited and certified to meet the highest standards for trust services criteria.
Full compliance with the EU General Data Protection Regulation. Your customer data is handled according to the strictest European privacy standards.
All data encrypted in transit using TLS 1.3 and at rest with AES-256. Keys are managed through hardware security modules with strict rotation policies.
Your data stays in the EU. We operate on infrastructure within European data centres and do not transfer data outside EU/EEA without explicit consent.
Every change to your data is logged with who made it, when, and why. Full immutable audit trail available on request.
Role-based access control with SSO support. Least-privilege by default. You control who sees what.
Annual third-party penetration tests with findings disclosed to customers on request. Vulnerability disclosure programme open year-round.
Our full security documentation, Data Processing Agreement and sub-processor list are available on request, or linked below.