Chykalophia Docs
Giving Chykalophia access

How we keep your logins safe

Our strict internal security practices for handling, storing, and eventually removing your sensitive credentials.

accesssecuritygetting-startedbeginner

We know that handing over the keys to your business systems requires a high level of trust. At Chykalophia, we treat your sensitive data with the same strict security protocols we use for our own agency infrastructure.

Quick summary

We never store passwords in plain text, emails, or spreadsheets. Your credentials are kept in a heavily encrypted, enterprise-grade password manager. Access is restricted exclusively to the team members actively working on your project, and our own accounts are protected by mandatory Two-Factor Authentication (2FA).

Our internal security protocols

Beginner 3 minutes

Here is exactly what happens behind the scenes when you grant us access to a platform or share a password with our team.

1. Enterprise-grade encryption

When you share a credential with us, it immediately goes into our team's encrypted password manager. We do not store passwords in ClickUp, Google Docs, Slack, or email. The password manager encrypts your data at the device level, meaning even the software provider cannot see your passwords.

2. Strict "need-to-know" access

We practice the principle of least privilege. Your credentials are only shared within a dedicated, secure vault created specifically for your project. Only the strategists, designers, or developers actively assigned to your account have access to this vault.

3. Mandatory 2FA for our team

Every Chykalophia team member is required to use Two-Factor Authentication (2FA) on their own accounts, including our email, project management software, and our password manager. Even if a team member's device were compromised, your data remains shielded behind secondary authentication layers.

4. Routine access audits

Our leadership team routinely audits project vaults to ensure that team members who transition off a project no longer have access to your credentials.

5. Secure offboarding

When our engagement concludes, we initiate a secure offboarding process. We will provide you with a checklist of systems where our access should be revoked (such as removing support@chykalophia.com from your WordPress or hosting accounts), and we securely delete your raw credentials from our password manager.

Why we prefer delegate access

Whenever a platform allows it, we will ask you to invite us as a "delegate" or "collaborator" rather than sharing your personal password.

Inviting support@chykalophia.com as a user on your account is the most secure method of collaboration because:

  • You never have to reveal your personal password.
  • You maintain total ownership of the account.
  • You can revoke our access with a single click when the project ends.

To learn more about this, check out our guide on delegate access vs. sharing a password.

Questions about our security?

If your IT or compliance team needs more specific information about our security protocols, please reach out to support@chykalophia.com and we will gladly provide further documentation.

Why we ask for access (and why it's safe)

An honest explanation of why Chykalophia needs access to your accounts, what we do with it, and how you stay in control.

Delegate access vs. sharing a password

Why invitations and role-based access are safer than handing over your personal login details.

On this page

Our internal security protocols1. Enterprise-grade encryption2. Strict "need-to-know" access3. Mandatory 2FA for our team4. Routine access audits5. Secure offboardingWhy we prefer delegate access