Handling Sensitive Client Data in Contacts

Learn what sensitive info NOT to store directly (passwords, IDs) for security. Use password managers & Karbon's privacy settings.

Written by Erin Jamison
Updated this week

At Karbon, we take data protection seriously and invest in enterprise-grade security measures to protect your firm and client information. While Karbon is designed to centralize your work and communication efficiently, there are certain types of sensitive data that are better managed through specialized tools.

What Not to Store in Karbon Contacts

We recommend avoiding the storage of the following types of sensitive client information in Karbon — particularly in contact custom fields or notes — as Karbon is not designed for encrypted field-level storage.

  • Accounting software usernames or passwords

  • Bank account credentials or direct debit logins

  • Tax portal passwords (e.g. MyIR, ATO Portal)

  • Personal identifiers (e.g. passport numbers, driver licence scans)

  • Credit card numbers
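One way to check existing records for two of the items above (card numbers and password-style entries), as an added example that is not Karbon code or part of the original article. It assumes the custom field and note values have already been exported into rows of contact, field and value; that row structure, the function names and the sample data are hypothetical.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# A password-style label followed by ':' or '=' and a value.
CRED_RE = re.compile(r"\b(password|passwd|pwd|passcode)\b\s*[:=]\s*\S+", re.I)

def luhn_ok(digits):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_value(text):
    """Return (kind, redacted_evidence) pairs; the secret itself is never echoed."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    for m in CRED_RE.finditer(text):
        findings.append(("credential", m.group(1) + ": [redacted]"))
    return findings

def scan_rows(rows):
    """Flag every contact field whose value looks like a stored secret."""
    return [(r["contact"], r["field"], kind, evidence)
            for r in rows for kind, evidence in scan_value(r["value"])]

# Constructed sample data; the card number is the well-known Visa test number.
SAMPLE_ROWS = [
    {"contact": "XYZ Ltd", "field": "Secure Credentials Reference",
     "value": "1Password → QBO login for XYZ Ltd"},
    {"contact": "XYZ Ltd", "field": "Notes",
     "value": "MYOB pwd: Winter2024! (ask Sam)"},
    {"contact": "Example Trust", "field": "Billing",
     "value": "Card 4111 1111 1111 1111 exp 01/30"},
    {"contact": "Example Trust", "field": "Phone", "value": "021 555 0100"},
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print(hit)
```

A vault reference such as the one recommended later in this article is not flagged, because it contains a pointer to the credential rather than the credential itself.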

Alternatives: Where to Store Sensitive Data Securely

Password managers are designed specifically to store sensitive credentials securely and are an ideal complement to Karbon. These tools provide encryption, audit trails, and sharing controls that go beyond what contact fields in any workflow tool can offer.

Popular options include:

You can then add a reference or link to the vault entry in Karbon. For example:

• Create a Contact custom field called Secure Credentials Reference

• Add a value such as: 1Password → QBO login for XYZ Ltd

If You Do Store Sensitive Details in Karbon

If limited sensitive data (such as a business tax ID or company registration number) must be stored, Karbon provides granular privacy settings to help ensure only the right team members can view this information.

Use Contact Privacy Settings

To adjust the privacy settings for a contact:

  1. Navigate to the Contact’s Details:

    1. Go to the Details tab of the specific contact.

  2. Set the Privacy Level:

    1. Locate the Privacy section.

    2. Choose the appropriate privacy level:

      • Public: All team members can access the contact and its information.

      • Private: Only members of the Client Team can access the contact.

      • Hidden: Only members of the Client Team can access the contact, and it will not appear in searches or be visible to other team members.

  3. Manage the Client Team:

    1. In the Client Team section, add or remove team members as necessary to control who has access to the contact’s information.

By configuring these settings, you ensure that sensitive client data is accessible only to authorized personnel. For more detailed guidance, refer to Karbon’s help article on Overview of Contacts.

Review Access Regularly

As team roles evolve, it’s important to periodically review and update access permissions:

  • Audit Client Teams: Regularly assess the members of each Client Team to ensure only necessary personnel have access.

  • Update Access: Remove team members who no longer require access to specific contacts.

Regular reviews help maintain data security and ensure compliance with privacy policies.
