Security

Security is built into how Gabe Works operates. The following outlines the practices we follow to protect client accounts, customer data, and the automations we build.

Account Access

• Client accounts (CRM, phone, email, hosting) remain owned and controlled by the client.
• Access is granted via least-privilege roles and revoked immediately upon engagement end.
• Multi-factor authentication is required on every account we touch.

Credential Handling

• API keys, tokens, and passwords are stored in an encrypted password manager — never in plaintext.
• Credentials are never shared over email, SMS, or chat.
• Credentials are rotated when staff or contractor access changes.

Data Protection

• All connections to client systems use TLS/HTTPS.
• Customer data flowing through automations is processed only for the workflow it powers.
• We do not export, sell, or repurpose client customer data.

Infrastructure

Automations and websites are deployed on reputable, SOC 2-compliant providers (such as Cloudflare, Twilio, and major email infrastructure providers). We rely on their hardened infrastructure for network, physical, and platform security.

Monitoring

Workflows are monitored continuously. Failures and anomalies trigger automatic alerts so issues are addressed before they impact your customers.

Incident Response

If a security incident affects a client account or data we process, we will notify the affected client promptly with a description of what happened, the data involved, and remediation steps.

Reporting a Vulnerability

Found a security issue? Please email gabe@gabeworks.co with details. We appreciate responsible disclosure and will respond as quickly as possible.