At Red Cactus, customers and partners must be able to trust that their data is safe. That’s why we continuously invest in improving and safeguarding our security — not just to stay resilient today, but to remain so in the future. While security in the world of CRM integrations is unfortunately not always a given, we show that innovation, privacy, and GDPR compliance can go hand in hand. In doing so, we set a standard within our industry — one that already gives our partners a competitive edge and that we hope other integration developers will follow to strengthen the sector as a whole.
Our portals and applications have always been equipped with robust security measures. We support multi-factor authentication (MFA) and single sign-on via Microsoft, Google, and Apple. In addition, all login sessions and attempts are recorded in detailed audit logs. If multiple failed login attempts occur, the account is automatically blocked — preventing unauthorized access right away.
In recent months, we’ve implemented several new security measures to protect our users and their data even more effectively. Inactive sessions in the portal are now automatically logged out after 30 minutes. For accounts that don’t use single sign-on but rely on a username and password, we now check whether the chosen password appears in globally known databases of leaked passwords. Every password must also meet specific strength requirements. Since users can work with multiple Bubble applications simultaneously, it’s now possible to manually terminate active app sessions from the management portal — for example, if a session seems suspicious or can no longer be trusted.
Our latest updates focus on giving partners and customers more centralized control over security settings. Organizations can now define in greater detail how their users log in and which authentication methods are allowed. It’s now possible to enforce single sign-on for all users within an organization, eliminating the use of standalone usernames and passwords. Additionally, administrators can disable specific authentication providers. Previously, Google, Microsoft, and Apple were enabled by default — but now organizations can decide which providers remain active, adding an extra layer of control and security.
Want to learn more about these and other security features? Visit our knowledge base for detailed information — though you’ll need to log in first, of course, since that’s well protected too. 😉