Security | LeadsApp

At LeadsApp, security is foundational to everything we build. We implement industry best practices to protect your data.

Infrastructure

All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Application hosted on SOC 2 compliant infrastructure
Regular automated backups with geographic redundancy
DDoS protection and rate limiting

Application Security

Security headers enforced (CSP, HSTS, X-Frame-Options)
Input validation and output encoding
SQL injection and XSS prevention
Regular dependency vulnerability scanning

Access Control

Role-based access control (RBAC)
Secure password hashing (bcrypt)
Session management with secure tokens
Two-factor authentication available

Data Protection

Minimal data collection principle
Data retention policies enforced
Right to deletion honored promptly
GDPR and CCPA compliant

Incident Response

We maintain an incident response plan and will notify affected users within 72 hours of a confirmed data breach, as required by applicable regulations.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to support@leadsapp.com. We appreciate your help in keeping LeadsApp secure.