Legal

Security

Last updated July 2026

Secrets management

All credentials live in environment variables or a vault with least-privilege scopes — never in source, logs, or the client bundle.

Encryption

TLS everywhere in transit; sensitive fields such as phone numbers are encrypted at rest.

Access control

Role-based access gates campaigns and raw contact data. Sessions use secure, HTTP-only cookies.

Webhooks

Inbound webhooks (Twilio, email providers) are signature-verified before their payloads are trusted.

Reporting

Found an issue? Email security@leadskonnect.com — we respond quickly and credit responsible disclosure.

This is a template document for LeadsKonnect and not legal advice. Replace with counsel-reviewed text before launch.