Security & Privacy

Overview

SIMtrix was designed from the ground up around the Bridge-not-Storage principle. We relay commands and events between Bitrix24 and your Android phone, but we do not store call recordings, SMS message content, or any CRM data on our servers. Recordings go directly from the phone to Bitrix24's storage. SMS content is written to the CRM timeline and immediately discarded from our processing pipeline. Our infrastructure runs on EU servers in Germany, fully compliant with GDPR. All communication between the Android app, the server, and Bitrix24 is encrypted with AES-256 in transit and at rest. In the multi-tenant architecture, every customer's data is isolated through PostgreSQL Row-Level Security — one tenant can never access another tenant's records, even in the event of a software bug. JWT tokens with short expiry and Redis-backed refresh tokens handle authentication, while API rate limiting and brute-force protection guard every endpoint.

How it works

1. 1

   SIMtrix relays commands and events between Bitrix24 and your Android phone in real time.

2. 2

   Call recordings are uploaded directly from the phone to Bitrix24 storage — they never pass through SIMtrix servers.

3. 3

   SMS content is written to the CRM timeline and immediately discarded from the processing pipeline.

4. 4

   All data in transit is encrypted with AES-256 and tenant data is isolated with PostgreSQL Row-Level Security.