Security
The data behind every quote, kept safe.
Sallra works with the quote and customer data your business runs on. This page explains how we protect it, where it lives, and who stays in control of it.
Security & privacy
We treat the data behind every quote the way it should be treated — carefully, lawfully, and always yours.
Protecting it is a responsibility we take seriously, and the commitments below are how we keep it.
Your data stays in the EU
Sallra is a Swedish company, and your data is stored and processed in Stockholm, under EU law. Every customer has a signed DPA in place.
Data isolation
Every customer is a fully isolated tenant, separated at the database level, not just by policy. One customer’s data can never surface in another’s.
Encrypted at every layer
Everything is encrypted in transit with TLS and at rest with AES 256. The credentials that connect Sallra to your CRM and ERP are sealed in their own encrypted envelope, locked to your account.
Zero data retention
Your quotes and customer data are never used to train AI models. We run under a Zero Data Retention agreement with our AI provider, which keeps nothing once a draft is returned.
Security by design
Security is layered across the database, backend, and frontend, on infrastructure certified to ISO 27001. We’re now working toward our own ISO 27001 certification and NIS2 alignment.
How your data is handled
Sallra works on top of the systems you already use.
Your systems stay the source of truth
Sallra connects to the ERP and CRM your team already works in, and those systems stay the source of record — they own the data, and we never overwrite it or take it over. So Sally can follow up at the right moment, Sallra syncs a working copy of the relevant quote and customer data into its own isolated workspace in the EU, alongside the timing and status it generates itself.
Your data stays in the EU
The data Sallra processes is hosted and processed in the EU, under EU law. When Sally drafts a follow-up it travels encrypted, and the AI provider behind it runs under a Zero Data Retention agreement — nothing is kept once the answer is delivered, and nothing trains a model.
Common questions
What buyers ask us about security.
Where is our data stored?
In the EU. Sallra is a Swedish company, and both hosting and processing of your data stay within the EU, under EU law.
Does Sallra replace our CRM or ERP?
No. Sallra is a follow-up layer on top of the systems your team already uses. Your CRM or ERP stays the system of record — Sallra reads from it to handle timing and follow-up, and never takes over your data.
Do you use our data to train AI?
No. We have a Zero Data Retention agreement with our AI provider: your quotes and customer data are never used to train or improve a model, and the AI provider keeps nothing once Sally’s draft is returned.
Can other customers see our data?
No. Each customer’s data is separated at the database level, not only by policy, and it is encrypted at rest and in transit.
Is Sallra GDPR compliant?
Yes. As a Swedish company, GDPR is simply how we operate, and every customer has a signed Data Processing Agreement (DPA) in place from day one.
Is Sallra ISO 27001 certified?
Not yet, and we’d rather be straight about that than imply otherwise. Our infrastructure runs on platforms that are themselves certified to ISO 27001, and we’re actively working toward our own ISO 27001 certification and NIS2 alignment. We’re happy to share where we are in that process.
What happens to our data if we stop using Sallra?
Your source system always stays the system of record — the canonical quote and customer data lives there, and we never overwrite it. Sallra holds a synced working copy plus the timing and status it generates itself; when you leave, we delete that copy. Your own records stay exactly where they always were — with you.
Can we get a DPA or security documentation?
Yes. Every customer signs a DPA, and we are glad to walk your team through how Sallra handles data. Reach us at hello@sallra.se.
Still have a security question?
We would rather answer it directly than leave it on a page. Book a demo, or write to us.