Security & privacy

We take data protection seriously.

Our security measures

Encryption at rest & in transit

All data is encrypted at rest with industry-standard AES-256 and in transit with TLS 1.3. Your leads and account information are never stored in plain text.

Access control

Strict role-based access controls ensure only authorized personnel can access systems. Multi-factor authentication is required for all team members with administrative access.

Secure infrastructure

We host on enterprise-grade infrastructure (Netlify, Railway, Supabase) with 99.9% uptime SLAs, automatic backups, and redundancy across multiple availability zones.

Security monitoring

We run 24/7 automated monitoring for suspicious activity, unusual access patterns, and potential security threats, and we conduct regular penetration testing and vulnerability scans.

Data minimization

We only collect and store what's necessary to provide our service:

  • Account data: Email, password (hashed), and usage logs
  • Lead data: Business information extracted from public sources (Google Maps)
  • Payment information: Processed by Stripe (we never store card details)

What we don't collect: Personal contact information, location tracking, or any data unrelated to lead generation.

GDPR overview

Lawful basis for processing

We process personal data based on:

  • Contract performance: To provide the lead generation service you signed up for
  • Legitimate interests: To improve our service, prevent fraud, and maintain security
  • Consent: For marketing emails and non-essential cookies (you can opt out anytime)

Your rights

Under GDPR, you have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate information
  • Erasure: Delete your account and data
  • Portability: Export your data
  • Object: Stop certain processing
  • Withdraw consent: For marketing communications

To exercise any of these rights, contact privacy@leadforge.ai

Data processing agreement

If you use LeadForge to process data on behalf of your business, we act as a data processor and you act as the data controller. We provide a Data Processing Agreement (DPA) upon request for enterprise customers.

Retention policy

We retain data only as long as necessary:

  • Account data: Until you delete your account or after 3 years of inactivity
  • Lead data: Retained as long as your account is active, or until you delete specific jobs
  • Usage logs: 90 days for security and debugging purposes
  • Billing records: 7 years for tax compliance
  • Marketing data: Until you unsubscribe from communications

After retention periods expire, data is permanently deleted from all systems and backups.

Compliance & certifications

  • GDPR: EU data protection compliance
  • CCPA: California privacy rights
  • SOC 2: Coming Q2 2026

Questions about security?

For detailed information about our privacy practices, see our Privacy Policy.

For security inquiries or to report a vulnerability, contact security@leadforge.ai
