We know our customers rely on SizzleKick to handle sensitive sales and performance data — which is why we adopt a security-by-design philosophy across every layer of our product.
Key Security Principles
As a Salesforce expert, your clients trust you to bring innovation, insight, and business value. SizzleKick helps you do exactly that—by easily embedding a high-impact coaching solution into their sales tech stack.
1. Data Handling & Privacy
No model training on your data — proprietary data is never used to train external AI models.
Encryption everywhere — all data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
Customer control — users can delete their own data at any time.
2. Integrations & Authentication
Secure OAuth 2.0 is used for all integrations (Salesforce, Salesloft).
No passwords are stored or shared — authentication is always via secure token exchange.
Integrations are strictly limited to the scopes required for functionality.
3. Access Controls
Org-level data access — only members of a customer’s organization can view their team’s data.
Role-based permissions — managers see team-level data, sellers only see their own data.
Session and token lifecycles follow industry best practices.
4. Infrastructure & Hosting
Hosted on Bubble.io Cloud, which provides automatic SSL certificates, multi-factor authentication, and strong baseline app security.
Infrastructure is powered by AWS, which manages physical data center security, encryption at rest, and enterprise-grade firewalls.
Continuous code reviews and dependency monitoring reduce vulnerabilities.
Audit logs help detect suspicious activity or unusual access patterns.
5. Transparency & Trust
Clear documentation of what Sizzi stores versus what is pulled live from integrations.
Data can be exported or deleted on request.
Security is embedded in our roadmap — future features will continue to strengthen customer control and protection.
Bubble.io Built-In Security
1. Transport & Storage Security
Automatic SSL (HTTPS) — All Bubble apps come with SSL certificates to encrypt traffic in transit.
Encryption at Rest — Data stored in Bubble’s databases is encrypted (AES-256).
2. Authentication & Access
Multi-Factor Authentication (MFA) — Available for all Bubble accounts.
Role-based editor access — You can control who on your team can edit or view your Bubble app.
Secure password storage — User passwords are salted and hashed, never stored in plaintext.
SSO integrations (via plugins or API) — Allows Google, SAML, or custom OAuth.
3. Infrastructure Security
AWS Hosting — Bubble apps run on AWS, benefiting from Amazon’s physical security, DDoS protection, and network firewalls.
Redundancy & Backups — Regular backups and redundant storage are built in.
Monitoring & Firewalls — Bubble monitors its infrastructure and applies firewall rules at multiple levels.
4. Data Privacy & Permissions
Privacy Rules (row-level security) — Built-in system that lets you restrict who can see or modify data on a per-field basis.
Org-level & role-level controls — When configured properly, ensures users only access what they should.
Content Security Policy (CSP) — Helps prevent cross-site scripting (XSS) and code injection.
5. Compliance & Standards
GDPR ready (customers control their data, right to delete/export).
SOC 2 Type II — Bubble has achieved SOC 2 Type II certification for its platform.
HIPAA hosting available (on Enterprise plans with a BAA).
6. Best-Practice Features for Builders
Automatic input sanitization for workflows.
Version control & staging environments to safely test before deploying live.
Audit logs in Bubble’s editor for changes to workflows, database, and app structure.
