Security
Built with security in mind
Your lead data is sensitive business information. Here is exactly how LeadQualify protects it no vague promises, specific technical details.
Encrypted connections
All data in transit is encrypted via HTTPS/TLS. No plain-text transmissions between your browser and our servers.
Hashed passwords
Passwords are hashed with bcrypt before storage. We never see or store your plain-text password.
JWT authentication
Secure token-based sessions stored in httpOnly cookies inaccessible to JavaScript and resistant to XSS attacks.
No lead data stored
Contact records are processed and immediately discarded. We store only the scores and tier verdicts never raw personal data.
Row-level security
Database enforces strict per-user access. You can only ever see your own jobs and results never another user's data.
Service-role API only
The database is never exposed directly to the browser. All access goes through authenticated server-side API routes.
Rate limiting
Login and signup endpoints are rate-limited to prevent brute force attacks.
Input validation
All inputs are validated and sanitised server-side using Zod schema validation before touching the database.
Data retention policy
Contact records submitted for scoring are processed in memory and never written to disk or database. Only the derived scores, tier verdicts, and score breakdowns are stored and only in your account. You can delete any job and its results at any time from your dashboard.
Found a security issue?
Please report it responsibly to support@leadqualify.com. We take security reports seriously and respond within 24 hours.