Willow Boards connects to your PSA, so security isn't a page on our site. It's the architecture. Here's exactly how your data, credentials, and access are protected.
How your data moves
Willow Boards is a project layer, not a data warehouse. ConnectWise stays your single source of truth; we store only the overlay state that makes it clearer.
Authentication is handled by Microsoft Entra ID: your existing identity, your MFA and conditional-access policies. There are no Willow Boards passwords to manage or leak.
Every request runs inside your tenant's scope. Your projects, settings, and logs live in records partition-keyed to your workspace. Isolation is structural, not a filter.
Reads and writes go to your CW instance with your API member's permissions. Every write is filtered through a field allow-list and recorded in your audit log.
The pillars
Your ConnectWise API keys are stored as per-tenant secrets in Azure Key Vault: never in source code, never in the database alongside your data, and never sent to the browser. Access uses Azure managed identity, so there are no stored vault passwords either.
All workspace data, including project state, configuration, and logs, is partitioned by tenant at the database level, and every API request is bound to your tenant before any handler runs. Caches are tenant-keyed too, so one workspace can never serve another's data.
Four roles: Admin, Project Manager, Engineer, and Member. Each gates every write and sensitive read at the API, not just in the UI. Your admins see the full permission matrix in the app and assign roles per person.
Each change Willow Boards makes to your ConnectWise is recorded with who, when, from where, and what. Every write is filtered through a field allow-list, so only the fields you edited can change. The audit log is yours to review in the admin panel.
AI features are off until you enable them, and they're read-only. They summarize and advise, and they never write to ConnectWise. Bring your own agent and keys, or use Willow-provided AI where the platform key is held server-side and never exposed to any workspace.
The platform runs on Azure App Service with Azure Cosmos DB, encrypted in transit (TLS) and at rest by default, behind hardened HTTP headers and per-route rate limiting. Sign-in, data, and secrets all stay inside the Microsoft cloud.
Shared responsibility
Security tools you can't reason about aren't security. Here's the honest split.
| Willow Boards | You |
|---|---|
| Stores your CW credentials in Key Vault and isolates your workspace data | Create a dedicated CW API member with only the permissions you want Willow Boards to have. Least privilege is yours to set |
| Enforces roles on every API write and sensitive read | Assign roles to your team and review them as people change |
| Records every ConnectWise write in your audit log | Review the audit and API logs in the admin panel. They're built for your eyes, not just ours |
| Handles sign-in through Microsoft Entra ID | Your MFA and conditional-access policies apply automatically. Keep them on |
Common questions
Workspace configuration, the project overlay state that powers boards and onboarding tracking, audit and error logs, and your account/team records. Project and ticket data itself lives in your ConnectWise. We read it on demand and write back only the edits you make.
Credentials are stored in Azure Key Vault, accessed by the application's managed identity at request time, and are never displayed back in the UI or sent to any browser. Operational access to production is restricted and audited.
All data is hosted in Microsoft Azure (App Service + Cosmos DB) and encrypted in transit and at rest. Backups use Cosmos DB's point-in-time restore, with a 7-day restore window. Willow Boards runs in a single region to keep costs predictable.
Microsoft Azure (hosting, identity, data, secrets), Stripe (billing: card data never touches our servers), and Anthropic (only if you enable Willow-provided AI; with bring-your-own AI, no data goes to Anthropic). A current list is available on request.
A Data Processing Agreement is available on request. We are not yet SOC 2 certified; our controls are documented and we're happy to walk your security reviewer through the architecture on a call.
Workspace admins can remove members and configuration at any time; on account closure we delete workspace data and the Key Vault secret holding your CW credentials.
Email [email protected]. We acknowledge reports promptly and will keep you informed through resolution.
Send it over. We'd rather answer your vCISO's hard questions before you connect your PSA than after.
Talk to us