Security and trust

We are committed to providing you with full transparency in our operations.

Data protection

Understand how we protect your data with our commitment to data privacy.

SugarAI maintains a comprehensive Data Protection Program with policies, risk assessments, incident handling, and awareness and training. As privacy laws evolve and cyber threats grow, all employees receive ongoing training to ensure proper handling of both customer and internal personal data.

Compliance

SugarAI’s rigorous certifications and global compliance standards give your prospects confidence that their data will be handled securely and responsibly throughout the entire customer lifecycle.

STAR Registry Listing

Data Privacy Framework

ISO/IEC 27001:2022

EcoVadis

SugarCloud Geography and Data Residency

SugarCloud utilizes AWS across the globe. Clients choose the region they want to contain their data, and the data stays within that region.

We use the following regions:

Australia
Germany
United Kingdom
United States

Data retention

SugarCloud maintains an active data retention policy and retains or deletes all data in accordance with applicable laws and compliance requirements.

If a Sugar customer decides to leave Sugar, they have access to their data for up to 120 days, unless otherwise requested. After the 120 days, customer data will be permanently deleted.

SugarCloud Platform Architecture

The SugarCloud platform is built on AWS.

SugarCloud utilizes a stack that consists of a web frontend, multiple services and processing layers, and databases. API access is authenticated and all services require encryption.

Single Sign-on (SSO)

SugarCloud provides LDAP, SAML, and OIDC support for single sign-on for both mobile and web as another option for centralized management of passwords across multiple systems. SugarCloud supports external SSO providers for customers who prefer to perform authentication on their intranet and then be redirected to SugarCloud. The SugarCloud SSO solution integrates with any external identity management service.

Data Access and Data Flow

Data at Sugar is restricted from access by non-authorized personnel.

Multi-factor authentication is used on all systems, for all access points, at all times. All data access is logged and monitored.

As mentioned, Sugar has multiple global geographic regions that serve customers. The data flow inside each region is the same. This is a high-level view of the Data Flow in any region.

SugarCloud Availability Program

Data at Sugar is restricted from access by non-authorized personnel.

Multi-factor authentication is used on all systems, for all access points, at all times. All data access is logged and monitored.

As mentioned, Sugar has multiple global geographic regions that serve customers. The data flow inside each region is the same. This is a high-level view of the Data Flow in any region.

Cloud Security

SugarAI maintains a comprehensive Information Security Program, which includes following the latest cloud security best practices. SugarCloud uses industry-standard encryption algorithms, and data is encrypted both in transit and at rest. All data in the SugarCloud Development, Test and QA environments is anonymized and sanitized to support secure development, patching, fixes and penetration testing.

Client Access Control and Authentication

The SugarCloud Platform provides Role Based Access Control, configurable by the client. Client access is logged to the platform and reviewable by the client.

SugarCloud integrates with third-party identity and access systems to allow MFA, single sign-on, federated sign-on, and other client-required access control mechanisms.

SugarCloud Development Security Program

Our code is rigorously tested and secured through a comprehensive SDLC program. All code is continuously tested, gaps remediated, and retested. Once code has passed all tests and retests, it is put through QA and logic tests. Once it passes all those tests, it is put into an environment to be pen tested.

Sugar has several resources to help you in securing your solution and configuring privacy within each product.

Sugar Sell, Serve, Enterprise and Pro

Access security, configuration, and other information on securing access to resources and applications can be found below.

Also, as you are working to customize Sugar, the Visibility Framework and Teams model ensure your data remains private within your organization. For more information, please refer to the link below.

Sugar Market

For information about Market user management and role access.

Sugar Discover

For information on Discover access rules and configuration.

Hint, Sugar Mobile and SugarPredict

These products share the Visibility Framework and CRM access from Sugar Sell, Serve, Enterprise and Pro. Please refer to the information above.

Sugar Mobile can further be configured to leverage your organization’s Mobile Device Management via the Mobile Application Configuration Services (MACS) component.

Sugar Connect

For information concerning account and user configuration, please refer to the link below.

When users are working with Sugar data in the side panel, Sugar Connect leverages the Visibility Framework described above.

SugarAI Information Security Program

Sugar maintains a third-party risk, vendor management, and services review program. We vet all external suppliers of services and software to ensure they meet our security and compliance requirements.

Sugar has implemented and maintains a global import/export third-party review system that continuously reviews international compliance for partners, vendors, employees, contractors and customers.

System Status

See SugarAI’s current and past system uptime data at a glance.