How does LeadsLogix protect my data?

Multiple layers: TLS 1.3 in transit, AES-256 at rest, per-tenant database isolation, encrypted credential vault (Fernet + PBKDF2), audit logging on all data access, and no secrets in source code. All API keys and OAuth tokens are stored in the encrypted vault, not in environment variables or code.

Is LeadsLogix GDPR compliant?

Yes. We provide data processing agreements, support right-to-erasure requests, track consent, minimize data collection, and maintain a global suppression list. The compliance service automatically enforces GDPR, CAN-SPAM, and CCPA requirements.

Does LeadsLogix scrape ethically?

We follow responsible scraping practices: respect robots.txt, implement per-domain rate limits (2-5 second delays), cap concurrent requests (max 10 per IP), stop on CAPTCHA detection, and filter out restricted domains. Our ethical scraping policy is documented in our compliance framework.

Is there SOC 2 compliance?

LeadsLogix is SOC 2 Type II ready. We maintain documented controls for security, availability, processing integrity, confidentiality, and privacy. Enterprise customers receive our SOC 2 readiness report and security questionnaire responses on request.

Enterprise Security

Security built into every layer

Encryption, isolation, audit logging, and compliance controls embedded throughout the platform. Not bolted on as an afterthought.

Encryption

TLS 1.3 for data in transit. AES-256 encryption for data at rest. Fernet + PBKDF2 encrypted credential vault for all API keys and OAuth tokens.

Tenant Isolation

Per-tenant SQLite databases with contextvars-based scoping. No data leakage between tenants. Each tenant gets isolated storage, credentials, and configuration.

Authentication & Authorization

API key authentication with per-key scoping and rate limits. OAuth2 support for Google, Microsoft, and Zoho. Key rotation without downtime.

Audit Logging

Every API call, pipeline execution, data access, and admin action is logged with timestamps, user context, and trace IDs. Full decision traceability.

Infrastructure Security

VPS deployment with hardened Linux. SSH key-only access. Firewall rules. No secrets in code -- all credentials via environment variables.

Incident Response

Defined incident severity levels. Automated alerting. Documented response procedures with escalation paths and customer notification timelines.

Compliance

GDPR

Data processing agreements, right to erasure, consent tracking, data minimization

CAN-SPAM

Unsubscribe handling, sender identification, physical address inclusion

CCPA

Data access requests, deletion rights, opt-out mechanisms

SOC 2 Type II

Security, availability, processing integrity, confidentiality, privacy controls

Security Practices

All secrets stored in .env files -- never committed to version control

VPS IP addresses abstracted behind environment variables

SSH commands isolated in gitignored settings.local.json

Per-domain rate limiting to respect target website policies

CAPTCHA detection with automatic stop -- no bypass attempts

Bad domain filter prevents scraping of restricted sites

Proxy rotation via Tor SOCKS5 for anonymization

Circuit breakers on aggressive SMTP servers to prevent abuse

Enterprise-grade security, every plan

Security features are not gated by plan tier. Every customer gets encryption, isolation, and audit logging.

FAQ

Frequently Asked Questions

Everything you need to know about our platform.

Still have questions?

Our team can walk you through the pipeline, pricing, and your use case.

Talk to us

Trust Center

Trust

Transparency and responsible AI

/trust

Developer Platform

Developer

API security and authentication

/developers

Platform Architecture

Platform

Technical infrastructure

/platform

Enterprise Security

Security built into every layer

Encryption, isolation, audit logging, and compliance controls embedded throughout the platform. Not bolted on as an afterthought.

Encryption

TLS 1.3 for data in transit. AES-256 encryption for data at rest. Fernet + PBKDF2 encrypted credential vault for all API keys and OAuth tokens.

Tenant Isolation

Per-tenant SQLite databases with contextvars-based scoping. No data leakage between tenants. Each tenant gets isolated storage, credentials, and configuration.

Authentication & Authorization

API key authentication with per-key scoping and rate limits. OAuth2 support for Google, Microsoft, and Zoho. Key rotation without downtime.

Audit Logging

Every API call, pipeline execution, data access, and admin action is logged with timestamps, user context, and trace IDs. Full decision traceability.

Infrastructure Security

VPS deployment with hardened Linux. SSH key-only access. Firewall rules. No secrets in code -- all credentials via environment variables.

Incident Response

Defined incident severity levels. Automated alerting. Documented response procedures with escalation paths and customer notification timelines.

Compliance

GDPR

Data processing agreements, right to erasure, consent tracking, data minimization

CAN-SPAM

Unsubscribe handling, sender identification, physical address inclusion

CCPA

Data access requests, deletion rights, opt-out mechanisms

SOC 2 Type II

Security, availability, processing integrity, confidentiality, privacy controls

Security Practices

All secrets stored in .env files -- never committed to version control

VPS IP addresses abstracted behind environment variables

SSH commands isolated in gitignored settings.local.json

Per-domain rate limiting to respect target website policies

CAPTCHA detection with automatic stop -- no bypass attempts

Bad domain filter prevents scraping of restricted sites

Proxy rotation via Tor SOCKS5 for anonymization

Circuit breakers on aggressive SMTP servers to prevent abuse

Enterprise-grade security, every plan

Security features are not gated by plan tier. Every customer gets encryption, isolation, and audit logging.

FAQ

Frequently Asked Questions

Everything you need to know about our platform.

Still have questions?

Our team can walk you through the pipeline, pricing, and your use case.

Talk to us

Trust Center

Trust

Transparency and responsible AI

/trust

Developer Platform

Developer

API security and authentication

/developers

Platform Architecture

Platform

Technical infrastructure

/platform

Security built into every layer

Encryption

Tenant Isolation

Authentication & Authorization

Audit Logging

Infrastructure Security

Incident Response

Compliance

GDPR

CAN-SPAM

CCPA

SOC 2 Type II

Security Practices

Enterprise-grade security, every plan

Frequently Asked Questions

Related

Trust Center

Developer Platform

Platform Architecture

Security built into every layer

Encryption

Tenant Isolation

Authentication & Authorization

Audit Logging

Infrastructure Security

Incident Response

Compliance

GDPR

CAN-SPAM

CCPA

SOC 2 Type II

Security Practices

Enterprise-grade security, every plan

Frequently Asked Questions

Related

Trust Center

Developer Platform

Platform Architecture