Security Practices

1. Data Storage

• Supabase Postgres with row-level security
• Encrypted data storage
• Auth sessions stored securely

2. Data Transmission

All traffic is protected with TLS (HTTPS).

3. Platform Security

• Rate limiting (Upstash)
• Firewall & WAF (Vercel)
• Logging & monitoring

4. Operational Security

• Limited employee access
• API key protections
• Secure deployment workflows

5. Third-Party Security

We integrate with trusted, security-conscious providers:

• Stripe – PCI-compliant payment processing
• Twilio – Secure SMS delivery
• Resend – Secure email delivery
• Anthropic – AI processing with data protection

6. Responsible Disclosure

If you discover a security vulnerability, please report it to: support@leadmachine.ai

We appreciate responsible disclosure and will work to address issues promptly.