This article is for administrators and practice owners. It explains how the WPResidence real estate CRM protects your data, how to respond to privacy requests from prospects, and what the CRM does (and does not) do for you from a compliance standpoint.
What Data the CRM Stores
The CRM stores exactly the data you put in — names, emails, phones, addresses, notes, messages — plus automatically collected data:
- Which property pages each identified contact viewed (the tracking cookie data).
- The activity timeline (form submissions, notes, emails sent, stage changes, etc.).
- Linked listings (IDs referencing your property posts).
Where the Data Lives
All CRM data lives in your own WordPress database on your own hosting. No data is sent to a third party by default. Only when you explicitly enable HubSpot, Twilio, webhooks, or another integration does data leave your site.
How Access Is Controlled
- Login required for every CRM dashboard page.
- Administrators see all; agents see their own scoped data (see the Permissions article).
- All mutation actions (create, update, delete) require a WordPress nonce, a token bound to the logged-in user's session and to the specific action, which blocks cross-site request forgery (CSRF). WordPress nonces are not single-use: one stays valid for a window of up to 24 hours, so treat it as a CSRF defence, not a replay defence.
- All text input is sanitized before storage, so raw HTML is not stored where the CRM does not expect it. Sanitizing on input is not a substitute for escaping on output: if you customise templates that render CRM data, escape every value at the point of output for the context it lands in (HTML body, attribute, URL).
- SQL queries use prepared statements, so user input is passed to the database as a bound value and cannot become SQL code.
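The mechanisms in the list above, shown together in one request handler. This is an added illustration written for this article, not the WPResidence CRM's own code; the action name crm_update_note, the capability crm_edit_contacts and the table crm_notes (columns id, author_id, body) are hypothetical. The first function is the anti-pattern these controls exist to prevent; the second is the hardened form, and the third is the form that feeds it.

```php
<?php
// Added illustration for this article, not the WPResidence CRM's own code.
// Hypothetical names: action 'crm_update_note', capability 'crm_edit_contacts',
// table {$wpdb->prefix}crm_notes with columns id, author_id, body.

// INSECURE anti-pattern: no nonce, no capability check, no sanitization,
// and request data interpolated straight into SQL.
function crm_example_update_note_insecure() {
    global $wpdb;
    $wpdb->query( "UPDATE {$wpdb->prefix}crm_notes SET body = '{$_POST['body']}' WHERE id = {$_POST['note_id']}" );
}

// Hardened handler for POST /wp-admin/admin-post.php with action=crm_update_note.
// The 'admin_post_' hook (without 'nopriv_') only fires for logged-in users.
add_action( 'admin_post_crm_update_note', 'crm_example_update_note' );

function crm_example_update_note() {
    global $wpdb;

    // Authorization: the user must hold the (hypothetical) CRM capability.
    if ( ! current_user_can( 'crm_edit_contacts' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    $note_id = isset( $_POST['note_id'] ) ? absint( $_POST['note_id'] ) : 0;

    // CSRF: verify the nonce bound to this action and this record.
    // check_admin_referer() stops the request on failure. Nonces are valid for
    // up to 24 hours and are not consumed on use: CSRF defence, not replay defence.
    check_admin_referer( 'crm_update_note_' . $note_id, '_crm_nonce' );

    // Input sanitization: strip tags and control characters before storage.
    $body = isset( $_POST['body'] ) ? sanitize_textarea_field( wp_unslash( $_POST['body'] ) ) : '';
    if ( 0 === $note_id || '' === $body ) {
        wp_die( 'Missing fields.', 400 );
    }

    // Scoping: agents may only edit their own notes; administrators may edit any.
    $table = $wpdb->prefix . 'crm_notes';
    $owner = $wpdb->get_var( $wpdb->prepare( "SELECT author_id FROM {$table} WHERE id = %d", $note_id ) );
    if ( null === $owner || ( (int) $owner !== get_current_user_id() && ! current_user_can( 'manage_options' ) ) ) {
        wp_die( 'Not found.', 404 ); // same response for "missing" and "not yours": do not leak existence
    }

    // Prepared statement: values are bound as %s / %d, never concatenated.
    $wpdb->update( $table, array( 'body' => $body ), array( 'id' => $note_id ), array( '%s' ), array( '%d' ) );

    $back = wp_get_referer() ? wp_get_referer() : admin_url();
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ) );
    exit;
}

// The form that submits to the handler. Every value is escaped for its output
// context, and wp_nonce_field() emits the token the handler verifies.
function crm_example_note_form( int $note_id, string $body ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="crm_update_note">
        <input type="hidden" name="note_id" value="<?php echo esc_attr( $note_id ); ?>">
        <?php wp_nonce_field( 'crm_update_note_' . $note_id, '_crm_nonce' ); ?>
        <textarea name="body"><?php echo esc_textarea( $body ); ?></textarea>
        <button type="submit">Save</button>
    </form>
    <?php
}
```

The ownership check returns the same 404 whether the note does not exist or belongs to someone else, so an agent cannot enumerate other agents' records by probing IDs.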
GDPR and Privacy Requests
Under the GDPR your company is the controller of this personal data. Because the CRM runs inside your own WordPress installation, no third party processes the data by default; once you enable an integration such as HubSpot or Twilio, that vendor becomes a processor and you need a data-processing agreement with them. You are responsible for lawful use; the CRM gives you the tools.
Right to Access
If a contact requests their data, first verify that the requester is the person on file (reply to the stored email address rather than to whatever address the request came from), then open their detail page. Export a CSV of their row, copy the activity timeline, and include the viewed-listing tracking records, since those are personal data too. Send the complete set to the contact.
Right to Erasure
Delete the contact from the Contacts list. The contact row is removed from the database, but their activities, notes, and viewed-listing records remain as orphans that no longer have a valid foreign key. For a complete erasure, also remove those rows (an administrator with database access can do this, or you can open a support request). If the contact was synced to HubSpot or another integration, delete the record there as well, and remember that database backups taken before the erasure still hold the data until they expire.
Right to Rectification
Open the contact, edit the wrong field, save.
Cookie Disclosure
The CRM sets a tracking cookie named wpestate_crm_contact_id after a contact form submission; it identifies the visitor on later visits so that property page views can be linked to their contact record. Disclose this in your site’s privacy policy and cookie banner. The cookie lifetime is 1 year; it is HttpOnly and SameSite=Lax. On an HTTPS site, confirm in the browser's developer tools that it is also sent with the Secure attribute. HttpOnly only hides the cookie from scripts; it does not make the tracking any less identifying, so the disclosure requirement stands regardless.
Opt-In vs Opt-Out
The CRM does not force consent — consent is handled by the theme’s GDPR checkbox on contact forms. If you require consent to operate in your jurisdiction, make sure the consent checkbox is enabled and wired into your forms.
Email Marketing
Automated emails from the CRM (welcome, matching listings, re-engagement) count as commercial messages in most jurisdictions. Make sure you have consent before enabling automation rules that email contacts. An unsubscribe link is required — include it in the email template body.
Data Retention
The CRM does not automatically delete old data. Tracking records, activities, and contacts stay indefinitely. For minimization, set a retention policy and ask an administrator to run a yearly cleanup of old records (bulk delete + database pruning where needed).
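Two helpers an administrator could use for the manual steps described under Right to Erasure and Data Retention: a complete erasure that removes the dependent rows together with the contact, and a scheduled purge of old tracking and activity rows. This is an added illustration written for this article, not the CRM's own code; the table names crm_contacts, crm_activities, crm_notes, crm_tracking and crm_contact_listings, the column names contact_id, viewed_at and created_at, and the cron hook crm_example_retention are all hypothetical and must be mapped to the real schema before use.

```php
<?php
// Added illustration for this article, not the WPResidence CRM's own code.
// All table and column names are hypothetical; check the real schema first
// (e.g. SHOW TABLES LIKE '%crm%') and adjust before running anything.

// Complete erasure: delete every row that references the contact, then the
// contact itself, in one transaction so a partial failure leaves no half-erased state.
function crm_example_erase_contact( int $contact_id ): bool {
    global $wpdb;
    $p = $wpdb->prefix;

    // Child tables keyed on contact_id (hypothetical). These are the rows that
    // would otherwise be left orphaned by deleting only the contact.
    $children = array(
        "{$p}crm_activities",
        "{$p}crm_notes",
        "{$p}crm_tracking",
        "{$p}crm_contact_listings",
    );

    // START TRANSACTION / ROLLBACK only take effect on InnoDB tables; on MyISAM
    // each DELETE commits immediately.
    $wpdb->query( 'START TRANSACTION' );
    foreach ( $children as $table ) {
        $ok = $wpdb->query( $wpdb->prepare( "DELETE FROM {$table} WHERE contact_id = %d", $contact_id ) );
        if ( false === $ok ) {
            $wpdb->query( 'ROLLBACK' );
            return false;
        }
    }
    if ( false === $wpdb->delete( "{$p}crm_contacts", array( 'id' => $contact_id ), array( '%d' ) ) ) {
        $wpdb->query( 'ROLLBACK' );
        return false;
    }
    $wpdb->query( 'COMMIT' );

    // Keep a record that the request was fulfilled, without any personal data in it.
    error_log( sprintf( 'CRM erasure completed for contact #%d by user #%d', $contact_id, get_current_user_id() ) );
    return true;
}

// Retention: purge tracking and activity rows older than $days. Returns the
// number of rows removed per table. Intended to run from WP-Cron, e.g.
//   if ( ! wp_next_scheduled( 'crm_example_retention' ) ) {
//       wp_schedule_event( time(), 'daily', 'crm_example_retention' );
//   }
function crm_example_purge_old_records( int $days = 365 ): array {
    global $wpdb;
    $p      = $wpdb->prefix;
    $counts = array();
    $targets = array(
        "{$p}crm_tracking"   => 'viewed_at',   // hypothetical timestamp columns
        "{$p}crm_activities" => 'created_at',
    );
    foreach ( $targets as $table => $col ) {
        $counts[ $table ] = (int) $wpdb->query(
            $wpdb->prepare( "DELETE FROM {$table} WHERE {$col} < DATE_SUB(NOW(), INTERVAL %d DAY)", $days )
        );
    }
    return $counts;
}
add_action( 'crm_example_retention', 'crm_example_purge_old_records' );
```

Run the erasure helper from a one-off WP-CLI `wp eval` call or a small admin-only page, never from a public endpoint, and take a fresh backup before the first retention run so an over-aggressive `$days` value can be recovered from.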
Breach Response
If you believe your CRM has been accessed without authorization:
- Change all administrator passwords immediately and rotate the authentication keys and salts in wp-config.php, which invalidates every existing login session, including any the attacker holds.
- Rotate the HubSpot API token, the Twilio Auth Token, and any webhook signing secret.
- Check the WordPress user list for unknown accounts.
- Review the CRM activity timeline for unusual patterns (unexpected stage changes, deletions, or emails sent at odd hours). Only mutations are recorded, so a clean timeline does not prove that data was not read.
- Contact your hosting provider for server-level logs.
- Follow your incident-response plan and notify affected individuals as required by law.
What the CRM Does NOT Do
- No encryption at rest of CRM data beyond what your hosting provides (disk or database encryption): contact data sits in the WordPress database in the clear, readable by anyone with database or backup access.
- No field-level access control (if an agent can see the contact, they see all its fields).
- No built-in audit log of who looked at what — only mutations are logged.
- No automatic data retention / purge.
Best Practices
- Use long, unique administrator passwords + two-factor auth (via a security plugin).
- Keep WordPress core, the theme, and all plugins updated.
- Back up your database daily, and protect the backups as carefully as the live database: they hold the same personal data.
- Train your team — the biggest risks are behavioral, not technical.