Security

Built with security in mind

Your lead data is sensitive business information. Here is exactly how LeadQualify protects it no vague promises, specific technical details.

Encrypted connections

All data in transit is encrypted via HTTPS/TLS. No plain-text transmissions between your browser and our servers.

Hashed passwords

Passwords are hashed with bcrypt before storage. We never see or store your plain-text password.

JWT authentication

Secure token-based sessions stored in httpOnly cookies inaccessible to JavaScript and resistant to XSS attacks.

No lead data stored

Contact records are processed and immediately discarded. We store only the scores and tier verdicts never raw personal data.

Row-level security

Database enforces strict per-user access. You can only ever see your own jobs and results never another user's data.

Service-role API only

The database is never exposed directly to the browser. All access goes through authenticated server-side API routes.

Rate limiting

Login and signup endpoints are rate-limited to prevent brute force attacks.

Input validation

All inputs are validated and sanitised server-side using Zod schema validation before touching the database.

Data retention policy

Contact records submitted for scoring are processed in memory and never written to disk or database. Only the derived scores, tier verdicts, and score breakdowns are stored and only in your account. You can delete any job and its results at any time from your dashboard.

Found a security issue?

Please report it responsibly to support@leadqualify.com. We take security reports seriously and respond within 24 hours.