GoCSM Security Architecture
Written By Sunny Khan
Last updated About 14 hours ago
1. Overview
GoCSM is an analytics and retention intelligence platform built exclusively for GoHighLevel agencies. We help you understand sub-account health, product adoption, login activity, and revenue trends across your entire portfolio — so you can reduce churn, increase expansion revenue, and deliver better outcomes for your clients.
Security is foundational to how we operate. Your agency data powers critical business decisions, and we treat the protection of that data with the seriousness it deserves. This document explains, in plain language, exactly how we secure your information at every layer.
2. What We Access From Your GoHighLevel Account
We believe in transparency about exactly what data we read from your GHL account.
What We Read
Agency profile information (name, contact details, settings)
Sub-account names, metadata, and status
User profiles for login activity tracking (name, email, role)
Workflow configurations (names and structure, for adoption scoring)
Calendar, product, and conversation metadata (counts and names, not content)
SaaS subscription and revenue summaries
What We Never Access
Contact or lead personal data
Message content or conversation bodies
File attachments or media
Payment card details belonging to your end-customers
End-customer passwords or credentials
How We Access It
All data access flows through GoHighLevel's official OAuth 2.0 API with scoped permissions. You authorize exactly what GoCSM can access during installation. You can revoke this access at any time by uninstalling GoCSM from the GHL Marketplace — no need to contact us.
3. Data Storage — How We Keep Your Data Safe
Primary Database
Our primary database stores the operational data needed to deliver your analytics:
What we store: Agency profiles (name, email, timezone), sub-account metadata (name, status, plan, city, country), user profiles (name, email, role — as they appear in GHL), billing state, and SaaS plan configurations.
What we do NOT store: End-customer personal data (your clients' contacts or leads), passwords, payment card numbers, message or conversation content, or file attachments.
Protection: The primary database uses encryption at rest, and all connections to it use TLS encryption in transit.
Analytics Database
Our analytics engine stores aggregated activity metrics that power your dashboards:
What we store: Login frequency counts, feature usage statistics, workflow execution counts, and transaction summaries — all aggregated at the sub-account or agency level.
What we do NOT store: Individual end-customer data. Analytics data is aggregated, not granular. We track that a sub-account had 47 workflow executions last week, not the details of each execution.
All connections to the analytics database use HTTPS with authentication.
Sessions and Cache
Our session store and cache hold temporary, short-lived data:
What we store: Active session data (your user ID, agency ID, role) and short-lived query cache to improve dashboard performance.
Automatic expiration: Session data is never retained beyond its 30-minute TTL. Cache entries expire on their own schedules.
TLS encryption: All cache connections in production use TLS encryption.
4. Authentication — How We Verify Your Identity
Single Sign-On Through GoHighLevel
You never create a separate GoCSM password. Authentication is handled entirely through GoHighLevel's marketplace Single Sign-On (SSO) system. When you open GoCSM from within your GoHighLevel dashboard, GHL sends an encrypted authentication payload that confirms your identity.
That payload is encrypted with AES-256-CBC — the same encryption standard used by banks and government agencies — using a shared secret known only to GoHighLevel and our servers. We decrypt it in server memory, verify your identity, and immediately discard the raw payload. It is never written to disk, stored in a database, or included in logs.
Server-Side Session Management
Once your identity is verified, we create a server-side session stored in our cache — not a client-side token that could be intercepted or stolen from your browser. Here is what that means for you:
HttpOnly cookies — Your session identifier is stored in a cookie that JavaScript cannot access, so a cross-site scripting (XSS) attack cannot read or steal it.
Secure flag — The cookie is only transmitted over encrypted HTTPS connections, never in plain text.
SameSite protection — The cookie includes SameSite attributes to prevent cross-site request forgery (CSRF) attacks.
256-bit random session IDs — Each session identifier is generated using 256 bits of cryptographically secure randomness, making it computationally infeasible to guess.
Automatic expiration — Sessions expire after 24 hours of inactivity.
Explicit logout — When you log out, your session is destroyed server-side immediately. There is no lingering access.
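The session properties listed above can be sketched in a few lines of Node.js. This is an added example, not GoCSM's own code. The in-memory Map standing in for the cache, the cookie name `sid`, the `SameSite=Lax` default and the caller-supplied idle timeout are all assumptions.

```javascript
const crypto = require("crypto");

// Server-side session store; the Map stands in for the cache (assumption).
class SessionStore {
  constructor(idleTtlMs, now = () => Date.now()) {
    this.idleTtlMs = idleTtlMs;
    this.now = now; // injectable clock so expiry can be exercised
    this.sessions = new Map();
  }

  // Create a session; returns the opaque ID that goes into the cookie.
  create(identity) {
    const id = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
    this.sessions.set(id, { identity, expiresAt: this.now() + this.idleTtlMs });
    return id;
  }

  // Look up a live session and slide its idle window forward.
  get(id) {
    const entry = typeof id === "string" ? this.sessions.get(id) : undefined;
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) {
      this.sessions.delete(id); // expired: drop it so the ID cannot be revived
      return null;
    }
    entry.expiresAt = this.now() + this.idleTtlMs;
    return entry.identity;
  }

  // Explicit logout: the server forgets the session immediately.
  destroy(id) {
    return this.sessions.delete(id);
  }
}

// Build the Set-Cookie value. The cookie carries only the random ID,
// never the identity itself. Cookie name and SameSite value are assumed.
function sessionCookie(id, maxAgeSeconds, sameSite = "Lax") {
  return [
    `sid=${id}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly", // not readable through document.cookie
    "Secure", // sent over HTTPS only
    `SameSite=${sameSite}`,
  ].join("; ");
}
```
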
OAuth 2.0 for API Access
We connect to GoHighLevel using the industry-standard OAuth 2.0 Authorization Code flow. You authorize GoCSM during installation through the GHL Marketplace, and we receive scoped access tokens that limit what we can read. Tokens are refreshed automatically when they expire, and you can revoke access at any time by uninstalling GoCSM from the GHL Marketplace.
5. Authorization — Who Can See What
Agency-Level Tenant Isolation
Your data is completely separated from every other agency on our platform. Every database query — whether it reads from our primary database or our analytics engine — is scoped to your agency ID. There is no mechanism for one agency to access another agency's data, intentionally or accidentally.
Global Authentication Guard
Every API endpoint on our platform requires authentication by default. This is not a per-route configuration that could be accidentally missed — it is a global guard applied to the entire application. The only exceptions are webhook receivers (which use their own cryptographic verification) and the health check endpoint. Everything else requires a valid, unexpired session.
Role-Based Access
Your roles and permissions are inherited directly from your GoHighLevel account. If you are an agency owner, admin, or user in GHL, GoCSM recognizes and respects those same roles. There is no separate permission system to configure or manage — your GHL identity is your GoCSM identity.
6. Encryption
We use encryption at every layer of communication and storage:
In transit: All communication uses TLS/HTTPS — between your browser and our servers, between our servers and every database, and between our servers and third-party APIs (GoHighLevel, Stripe, PostHog). No data travels in plain text.
At rest: All databases use encryption at rest, ensuring data stored on disk is encrypted.
SSO payloads: Encrypted with AES-256-CBC using a shared secret between GoHighLevel and GoCSM. The payload is decrypted only in server memory, never written to disk or included in logs.
7. Payment Processing
GoCSM uses Stripe for all payment processing — we never see, store, or process your credit card number.
PCI DSS Level 1: Stripe holds the highest level of payment security certification in the industry. Your card details are entered directly into Stripe's secure payment forms and never touch our servers.
Webhook verification: Every payment notification we receive from Stripe is verified using cryptographic signature validation. This ensures no one can send us fake payment events to manipulate your billing state.
What we store: Only your Stripe customer ID and subscription ID — the minimum needed to manage your billing. We never store card numbers, CVVs, or bank account details.
8. Third-Party Services
We use a small number of trusted third-party services, each for a specific purpose:
About PostHog: We use PostHog to understand how you use GoCSM — which dashboards you visit most, which features you find useful, where you encounter friction. This helps us improve the product. We identify you by your GHL user ID and agency so we can provide better support. No end-customer data is ever sent to PostHog.
10. Data Retention and Your Rights
Session data: Automatically deleted after 30 minutes of inactivity. No manual cleanup needed.
Analytics data: Retained for historical trending and reporting for as long as your GoCSM account is active. This is what powers your long-term dashboards and trend analysis.
Upon uninstall: When you uninstall GoCSM from the GHL Marketplace, your OAuth tokens are immediately invalidated by GoHighLevel — we lose API access to your GHL data instantly. Your historical analytics data remains available should you choose to reinstall.
Data deletion: You may request complete deletion of all your data at any time by contacting us. We will remove your agency profile, sub-account metadata, user records, analytics history, and billing records.
11. Security Practices
We follow industry-standard security practices throughout our development and operations:
Input validation on all API endpoints using whitelist-based validation — only expected data shapes are accepted.
Parameterized database queries — all database queries use parameterized inputs, so user input is handled as data rather than query syntax, which prevents SQL and NoSQL injection attacks.
HttpOnly, Secure, SameSite cookies — your session cookie is protected against XSS, man-in-the-middle, and CSRF attacks.
No sensitive data in logs — tokens, passwords, SSO payloads, and session identifiers are never written to application logs.
Dependency vulnerability scanning — we monitor our software dependencies for known security vulnerabilities.
Principle of least privilege — we request only the GoHighLevel API scopes we need to deliver your analytics. We do not request broad access "just in case."
Global authentication by default — every endpoint requires authentication unless explicitly exempted, eliminating the risk of accidentally exposing an unprotected route.
12. Contact Us
We welcome your security questions and take every inquiry seriously.
Security inquiries: help@gocsm.com