Security & Trust

Your ConnectWise is the crown jewels. We treat it that way.

Willow Boards connects to your PSA, so security isn't a page on our site. It's the architecture. Here's exactly how your data, credentials, and access are protected.

How your data moves

A short, auditable path, and nothing else

Willow Boards is a project layer, not a data warehouse. ConnectWise stays your single source of truth; we store only the overlay state that makes it clearer.

01 You sign in

Authentication is handled by Microsoft Entra ID: your existing identity, your MFA and conditional-access policies. There are no Willow Boards passwords to manage or leak.

02 Your workspace

Every request runs inside your tenant's scope. Your projects, settings, and logs live in records partition-keyed to your workspace. Isolation is structural, not a filter.

03 Your ConnectWise

Reads and writes go to your CW instance with your API member's permissions. Every write is filtered through a field allow-list and recorded in your audit log.

The pillars

Built multi-tenant from day one

Credentials in Azure Key Vault

Your ConnectWise API keys are stored as per-tenant secrets in Azure Key Vault: never in source code, never in the database alongside your data, and never sent to the browser. Access uses Azure managed identity, so there are no stored vault passwords either.

Tenant isolation by design

All workspace data, including project state, configuration, and logs, is partitioned by tenant at the database level, and every API request is bound to your tenant before any handler runs. Caches are tenant-keyed too, so one workspace can never serve another's data.

Roles enforced on the server

Four roles: Admin, Project Manager, Engineer, and Member. Each gates every write and sensitive read at the API, not just in the UI. Your admins see the full permission matrix in the app and assign roles per person.

Every write is audited

Each change Willow Boards makes to your ConnectWise is recorded with who, when, from where, and what. Every write is filtered through a field allow-list, so only the fields you edited can change. The audit log is yours to review in the admin panel.

AI on your terms

AI features are off until you enable them, and they're read-only. They summarize and advise, and they never write to ConnectWise. Bring your own agent and keys, or use Willow-provided AI where the platform key is held server-side and never exposed to any workspace.

Hardened Azure foundation

The platform runs on Azure App Service with Azure Cosmos DB, encrypted in transit (TLS) and at rest by default, behind hardened HTTP headers and per-route rate limiting. Sign-in, data, and secrets all stay inside the Microsoft cloud.

Shared responsibility

What we protect, what you control

Security tools you can't reason about aren't security. Here's the honest split.

Willow BoardsYou
Stores your CW credentials in Key Vault and isolates your workspace dataCreate a dedicated CW API member with only the permissions you want Willow Boards to have. Least privilege is yours to set
Enforces roles on every API write and sensitive readAssign roles to your team and review them as people change
Records every ConnectWise write in your audit logReview the audit and API logs in the admin panel. They're built for your eyes, not just ours
Handles sign-in through Microsoft Entra IDYour MFA and conditional-access policies apply automatically. Keep them on

Common questions

What security reviewers ask us

What data does Willow Boards store?

Workspace configuration, the project overlay state that powers boards and onboarding tracking, audit and error logs, and your account/team records. Project and ticket data itself lives in your ConnectWise. We read it on demand and write back only the edits you make.

Can Willow Boards staff see my ConnectWise credentials?

Credentials are stored in Azure Key Vault, accessed by the application's managed identity at request time, and are never displayed back in the UI or sent to any browser. Operational access to production is restricted and audited.

Where is my data hosted, and is it backed up?

All data is hosted in Microsoft Azure (App Service + Cosmos DB) and encrypted in transit and at rest. Backups use Cosmos DB's point-in-time restore, with a 7-day restore window. Willow Boards runs in a single region to keep costs predictable.

What subprocessors do you use?

Microsoft Azure (hosting, identity, data, secrets), Stripe (billing: card data never touches our servers), and Anthropic (only if you enable Willow-provided AI; with bring-your-own AI, no data goes to Anthropic). A current list is available on request.

Do you offer a DPA? Are you SOC 2 certified?

A Data Processing Agreement is available on request. We are not yet SOC 2 certified; our controls are documented and we're happy to walk your security reviewer through the architecture on a call.

How do I delete my data?

Workspace admins can remove members and configuration at any time; on account closure we delete workspace data and the Key Vault secret holding your CW credentials.

How do I report a security issue?

Email [email protected]. We acknowledge reports promptly and will keep you informed through resolution.

Have a security questionnaire?

Send it over. We'd rather answer your vCISO's hard questions before you connect your PSA than after.

Talk to us