Our approach combines AI safety, enterprise cloud infrastructure and strict access controls so sales and performance data is always protected. (Visit our Salesforce App Exchange listing).
Key Security Principles
As a Salesforce expert, your clients trust you to bring innovation, insight, and business value. SizzleKick helps you do exactly that by easily embedding a high-impact coaching solution into their sales tech stack.
SizziKick has passed Salesforce’s official security review and is published on the Salesforce AppExchange. This review validates data handling, access controls, encryption, and overall security and complies with Salesforce’s enterprise security standards.
1. Data Handling & Privacy
No model training on your data - proprietary data is never used to train external AI models.
Encryption everywhere - all data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256).
Customer control - users can delete their own data at any time.
The last 12 months of data is used for training from the initial setup and summaries, trends and performance insights are stored, not full CRM records.
2. Integrations & Authentication
Secure OAuth 2.0 is used for all integrations (Salesforce, Salesloft).
No passwords are stored or shared - authentication is always via secure token exchange.
Integrations are strictly limited to the scopes required for functionality.
3. Access Controls
Org-level data access - only members of a customer’s organization can view their team’s data.
Role-based permissions - managers see team-level data, sellers only see their own data.
SizzleKick accesses Salesforce via scoped OAuth permissions - only the data required for analysis is read (leads, contacts, accounts, opportunities, activity data etc).
Session and token lifecycles follow industry best practices.
4. Infrastructure & Hosting
Hosted on Bubble.io Cloud, which provides automatic SSL certificates, multi-factor authentication, and strong baseline app security.
Infrastructure is powered by AWS, which manages physical data center security, encryption at rest, and enterprise-grade firewalls.
Continuous code reviews and dependency monitoring reduce vulnerabilities.
Audit logs help detect suspicious activity or unusual access patterns.
5. Transparency & Trust
Clear documentation of what Sizzi stores versus what is pulled live from integrations.
Data can be exported or deleted on request.
Security is embedded in our roadmap - future features will continue to strengthen customer control and protection.
Bubble.io Built-In Security
1. Transport & Storage Security
Automatic SSL (HTTPS) - All Bubble apps come with SSL certificates to encrypt traffic in transit.
Encryption at Rest - Data stored in Bubble’s databases is encrypted (AES-256).
2. Authentication & Access
Multi-Factor Authentication (MFA) - Available for all Bubble accounts.
Role-based editor access - You can control who on your team can edit or view your Bubble app.
Secure password storage - User passwords are salted and hashed, never stored in plaintext.
SSO integrations (via plugins or API) - Allows Google, SAML, or custom OAuth.
3. Infrastructure Security
AWS Hosting - Bubble apps run on AWS, benefiting from Amazon’s physical security, DDoS protection, and network firewalls.
Redundancy & Backups - Regular backups and redundant storage are built in.
Monitoring & Firewalls - Bubble monitors its infrastructure and applies firewall rules at multiple levels.
4. Data Privacy & Permissions
Privacy Rules (row-level security) - Built-in system that lets you restrict who can see or modify data on a per-field basis.
Org-level & role-level controls - When configured properly, ensures users only access what they should.
Content Security Policy (CSP) - Helps prevent cross-site scripting (XSS) and code injection.
5. Compliance & Standards
GDPR ready (customers control their data, right to delete/export).
SOC 2 Type II - Bubble has achieved SOC 2 Type II certification for its platform.
HIPAA hosting available (on Enterprise plans with a BAA).
6. Best-Practice Features for Builders
Automatic input sanitization for workflows.
Version control & staging environments to safely test before deploying live.
Audit logs in Bubble’s editor for changes to workflows, database, and app structure.
SizzleKick is committed to transparent, enterprise-ready security for organisations who rely on Salesforce and AI to drive performance.
