Security & Privacy — Your Data Never Touches Our Servers

SIMtrix is a bridge, not storage. Call recordings, SMS content, and CRM data stay in Bitrix24 and on your phone. Our EU servers in Germany enforce GDPR compliance, AES-256 encryption, and row-level tenant isolation.

Key Capabilities

Security Architecture Built for Zero Trust

Bridge-not-Storage principle, military-grade encryption, and database-level tenant isolation — by design, not by policy.

1. Bridge-not-Storage Principle

SIMtrix relays commands and events between Bitrix24 and your Android phone — but never stores the content. Call recordings go directly from the phone to Bitrix24's storage. SMS message text is written to the CRM timeline and immediately discarded from our processing pipeline. Our servers hold only the metadata needed for routing: phone numbers, timestamps, and delivery status. No recordings, no message content, no CRM data.

[Diagram: Bridge-not-Storage. Your Phone, SIMtrix Bridge (zero storage), Bitrix24 CRM. Data flows through, never stored on SIMtrix servers.]

2. AES-256 Encryption & EU Servers

All communication between the Android app, the SIMtrix server, and Bitrix24 is encrypted with AES-256 in transit (TLS 1.3) and at rest. Our infrastructure runs exclusively on EU servers located in Germany — fully compliant with GDPR and EU data residency requirements. WebSocket connections use WSS (encrypted WebSocket) with certificate pinning in the Android app.

Security Layers

AES-256 Encryption: End-to-end encrypted communication
EU Servers (Germany): Data processed within European Union
GDPR Compliant: Full compliance with data protection
JWT + Redis Auth: Secure token-based authentication

3. PostgreSQL Row-Level Security & Tenant Isolation

In our multi-tenant architecture, every customer's data is isolated through PostgreSQL Row-Level Security (RLS). Database queries are automatically filtered by tenant ID at the database level — not the application level. This means even a software bug cannot leak data between tenants. JWT tokens with short expiry (15 minutes) and Redis-backed refresh tokens handle authentication, while API rate limiting and brute-force protection guard every endpoint.

[Diagram: Tenant Isolation. Tenant A (Tech Solutions), Tenant B (Sales Corp), Tenant C (Marketing Pro), separated by PostgreSQL Row-Level Security. Each tenant sees only their own data.]
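
An added example, not SIMtrix's own schema or code: a minimal PostgreSQL setup for the kind of database-level tenant filtering described above, plus two audit queries for the conditions under which RLS does not apply. The table, role and setting names (call_metadata, app_user, app.tenant_id) and the UUIDs are constructed for illustration, and the script assumes it is run by an administrative role.

```sql
-- Hypothetical table holding only routing metadata, one row per event.
CREATE TABLE call_metadata (
    id              bigserial   PRIMARY KEY,
    tenant_id       uuid        NOT NULL,
    phone_number    text        NOT NULL,
    started_at      timestamptz NOT NULL,
    duration_s      integer,
    delivery_status text
);

-- ENABLE turns policies on; FORCE also applies them to the table owner,
-- who would otherwise bypass RLS.
ALTER TABLE call_metadata ENABLE ROW LEVEL SECURITY;
ALTER TABLE call_metadata FORCE ROW LEVEL SECURITY;

-- USING filters rows on read, update and delete; WITH CHECK validates rows
-- being written. NULLIF(..., '') turns an unset or empty tenant setting into
-- NULL, so a session with no tenant context matches no rows (fails closed).
CREATE POLICY tenant_isolation ON call_metadata
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application connects as a role that is neither superuser, nor
-- BYPASSRLS, nor the table owner.
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON call_metadata TO app_user;
GRANT USAGE ON SEQUENCE call_metadata_id_seq TO app_user;

-- Per request: bind the tenant for this transaction only (third arg = local).
SET ROLE app_user;
BEGIN;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
SELECT count(*) FROM call_metadata;   -- counts only rows of the bound tenant
-- WITH CHECK refuses this row because it carries a different tenant's id.
INSERT INTO call_metadata (tenant_id, phone_number, started_at)
VALUES ('22222222-2222-2222-2222-222222222222', '+10000000000', now());
ROLLBACK;
RESET ROLE;

-- Audit 1: roles that bypass every RLS policy.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
-- Audit 2: tables in the public schema where RLS is off or not forced.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relkind = 'r' AND relnamespace = 'public'::regnamespace
  AND NOT (relrowsecurity AND relforcerowsecurity);
```

The isolation holds only if the tenant setting is derived from the authenticated session on the server side and the application never connects as a role listed by the first audit query.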

How It Works

How your data flows through SIMtrix — securely, without retention.

1. Encrypted Command from Bitrix24

When you initiate a call or SMS from Bitrix24, the command travels over HTTPS to the SIMtrix API. Authentication is verified via JWT token. The command contains only the phone number and action type — no CRM data.

2. Secure WebSocket to Your Phone

The command is forwarded to your Android phone via an encrypted WebSocket (WSS) connection. The phone authenticates with a device-specific token. No intermediary can read the payload.

3. Action Executed, Result Reported

Your phone executes the call or sends the SMS through the physical SIM card. The result (duration, delivery status) is reported back through the same encrypted channel. Content — recording audio, SMS text — goes directly to Bitrix24, bypassing SIMtrix servers.

4. Metadata Logged, Content Discarded

SIMtrix logs only routing metadata: timestamp, phone number, duration, delivery status. This metadata is stored in the tenant-isolated PostgreSQL database with RLS. Message content and call recordings are never written to our storage.

Who Is This For?

Security and privacy matter to every organization that handles customer communications.

1. IT & Security Officers

Deploy SIMtrix knowing that no CRM data or communication content is stored on third-party servers. The Bridge-not-Storage architecture passes security audits and GDPR assessments with ease. Row-level tenant isolation eliminates cross-tenant data risk.

2. Business Owners (SMB)

Your customer conversations — calls and SMS — stay between you and your customer. SIMtrix never reads, stores, or analyzes your communication content. You own your data, period.

3. Compliance & Legal Teams

EU data residency (Germany), GDPR compliance, AES-256 encryption, and a clean DPA (Data Processing Agreement) available on request. SIMtrix's architecture makes compliance documentation straightforward because there is nothing to protect on our side — the data simply is not there.

Frequently Asked Questions

No. SIMtrix follows the Bridge-not-Storage principle. Call recordings are uploaded directly from your Android phone to Bitrix24's storage — they never pass through SIMtrix servers. SMS content is written to the Bitrix24 CRM timeline and immediately discarded from our processing pipeline. We store only routing metadata: timestamps, phone numbers, duration, and delivery status.

Our servers are located exclusively in Germany (EU). All data processing happens within the European Union, compliant with GDPR and EU data residency requirements. We do not transfer data outside the EU.

SIMtrix uses PostgreSQL Row-Level Security (RLS) for tenant isolation. Every database query is automatically filtered by tenant ID at the database engine level — not the application level. This means even a bug in the application code cannot expose one tenant's data to another. It is the strongest form of multi-tenant isolation available without running separate databases.

Deploy with confidence — your data stays yours

EU servers, AES-256 encryption, zero content storage. Bridge not storage.
