Security

Plain-English overview of how LeadIntel is designed to protect your account and data.

Overview

LeadIntel is built to help outbound sellers act on timely signals. We store the minimum needed to run the service and keep sensitive secrets server-side.

  • We store: your account email, billing/customer IDs, your saved ICP settings, and the accounts/leads you add to your watchlist.
  • We do not store: your Stripe payment card details (handled by Stripe), or your passwords in plaintext (handled via Supabase auth).

Authentication

Provider: Supabase (email/password sessions)
Access control: row-level policies in the database enforce tenant isolation.
Session handling: server routes avoid exposing secrets to the browser.

Billing

Provider: Stripe
Customer portal: users manage/cancel subscriptions via Stripe’s portal.
Payment data: payment method details are processed and stored by Stripe.

Platform safeguards

  • Rate limiting is applied to public and authenticated endpoints to reduce abuse.
  • Structured API responses reduce accidental leakage of internal errors to clients.
  • Logging is structured and avoids printing secrets or full request bodies.
  • Secrets (API keys, service-role keys) are server-only environment variables.

Data handling

We retain your workspace data for as long as your account is active, and we support deletion requests.

To request deletion or export, email leadintel@dazrael.com.

Backups and operational logs may be retained for a limited period to support reliability and incident response.

Vulnerability disclosure

If you believe you’ve found a security issue, email us at leadintel@dazrael.com with the subject “Security”.

  • Please include steps to reproduce and any relevant screenshots/logs.
  • Please avoid scanning or disrupting other customers’ data.
  • We’ll acknowledge reports and work toward a fix as quickly as possible.
Try a sample digestView subprocessors