You’re trusting us with your phone data and your API keys.
Here’s exactly what CIDSync can access, what it stores, and the guardrails that keep you in control.
Read-only, least-privilege
CIDSync requests only the ServiceTitan access it needs to see your active campaign numbers — read-only. It can’t change settings, jobs, or customer data, and it never writes back to ServiceTitan.
Encrypted credentials
Your API credentials are encrypted at rest. In the app you’ll only ever see a non-reversible fingerprint like ••••1234— the secret itself is never displayed again after you enter it.
Dry-run by default
Every new connection starts in dry-run. CIDSync shows you what it wouldregister or update in Hiya before anything changes — so there are no surprises when you flip to live.
You stay in control of your numbers
CIDSync is an orchestrator, not a manager. You add and retire numbers in ServiceTitan and Hiya; we keep your branded caller ID in step. We never manage your numbers for you.
Enter once. Stored encrypted. Shown as a fingerprint.
You paste it
You enter your Hiya API credentials over an encrypted connection.
We encrypt it
The secret is encrypted at rest and used only to talk to Hiya on your behalf.
You see a fingerprint
From then on the app shows ••••1234— never the secret.
What we access
- Your active campaign phone numbers in ServiceTitan (read-only)
- The Hiya Connect registration state for those numbers
- Your account email for sign-in and notifications
What we don’t
- Call recordings, customer records, or job details
- Write access to ServiceTitan — we never change your data
- Your secrets in plain text — only encrypted, never re-displayed
Questions about security or data handling? Email security@cidsync.com. See our privacy policy for the full detail.