SideBlend is designed with enterprise-grade security practices from the ground up. We follow SOC 2 standards to protect your data, your credentials, and your customers’ information — every step of the way.
SOC 2 (Service Organization Control 2) is the leading security and compliance framework for SaaS companies. It defines controls across five Trust Services Criteria. SideBlend is built in alignment with these principles to give your team and your customers confidence.
From how we handle your OAuth tokens to how AI requests are made, security is built into every part of SideBlend.
We connect to Salesforce, HubSpot, and Google via OAuth 2.0. We never store your CRM username or password — only short-lived access tokens that you can revoke at any time.
All communication between the extension and external services (CRM APIs, AI providers, Google) uses TLS 1.2 or higher. No data travels unencrypted.
SideBlend runs as a Chrome extension. Your CRM data is fetched directly from your CRM to your browser; it is not routed through our servers or stored in our databases.
AI API keys (Claude, OpenAI, Gemini) are stored locally in your browser’s encrypted extension storage. We never transmit or log your API keys.
SideBlend requests only the CRM and Google permissions it needs to function. We follow the principle of least privilege — no broad admin access, no unnecessary scopes.
You can disconnect SideBlend from your CRM, Google Workspace, or AI provider at any time from the Settings screen. Revoking access immediately ends all data access.
We take security reports seriously. If you discover a potential security issue in SideBlend, please contact us directly. We commit to acknowledging your report within 48 hours and working with you to resolve it responsibly.
📧 Report a Security Issue