Security for Your Lead Generation Tool — Encryption & Access Control
Encrypt the fields that matter, keep operational data usable, and manage access with GDPR-ready controls. Security is built into the workflow, not bolted on afterward.
7-day free trial on our Starter plan. No credit card required.
Per-Field Encryption
Mark individual fields as encrypted. Data is encrypted at rest using AES-256-GCM — the same authenticated encryption standard used by banks and governments.
Per-Account Key Isolation
Every account has its own encryption key, wrapped by the application master key. A compromise of one account cannot expose another's data.
GDPR Compliance
Account administrators control which fields are encrypted. System fields remain queryable while sensitive PII (phone, email, address) can be encrypted with a single toggle.
Stripe-Powered Payments
Payments are handled entirely by Stripe — we never see or store your credit card data. EU VAT and billing address collection are built into the checkout flow.
Anti-Spam Protection
Forms include built-in honeypot fields and Google reCAPTCHA integration to prevent bot submissions without impacting the user experience.
Role-Based Access
Assign leads to specific team members and grant view-only access to others. Control who can see, edit, and manage lead data across your pipeline.
AWS S3 Storage
All file uploads and generated documents (invoices, exports) are stored on AWS S3 with server-side encryption and signed URL access.
What this means in practice
Protect sensitive PII without turning your CRM into a black box for the team that needs to work the lead.
Encrypt what is sensitive
Phone numbers, emails, addresses, and other private data can be encrypted field by field instead of forcing a one-size-fits-all approach.
Keep workflows operational
System-critical fields remain usable for filtering, routing, automation, and reporting, so your team can still work efficiently.
Control access deliberately
Use roles, assignments, and account-level isolation to decide who can view and act on data across your pipeline.
How Encryption Works
Application Key
The Laravel application key wraps and unwraps per-account keys. Rotating it re-wraps account keys without touching lead data.
Account Key
Each account gets a unique 256-bit key, generated on creation. This key encrypts and decrypts that account's lead field data exclusively.
Field Values
Encrypted values use AES-256-GCM with a unique IV per value. The format includes an authentication tag to detect tampering.
Secure by default
Start your free trial with encryption, access control, and compliant storage already built in. No separate security add-on required.