Data in transit and at rest
All customer traffic runs over TLS 1.2+. Bundle files are stored in a private object store and delivered only via short-lived signed URLs after a purchase is verified.
Trust
This page is maintained by the Leads.Garden team to answer common security questions about our platform. It is not a certification. We do not currently hold third-party audits such as SOC 2 or ISO 27001; if you need them, contact us and we will discuss where we are on that roadmap.
All customer traffic runs over TLS 1.2+. Bundle files are stored in a private object store and delivered only via short-lived signed URLs after a purchase is verified.
Email/password and Google sign-in are supported through our managed authentication provider. Passwords are salted and hashed by the provider; we never see plaintext passwords.
Row-level security policies scope every database read and write to the authenticated user. Admin actions are restricted to users granted an explicit admin role in a separate roles table.
Managed database with daily backups. Object storage is regionally durable with multi-zone replication.
Email security@leads.garden. We acknowledge within one business day and coordinate disclosure with reporters acting in good faith.