Security

Your leads are your revenue. We treat them that way.

LeadMove processes personal data on your behalf — so here is exactly how it is protected, where it lives, and how you get it back out. No badges we don't hold, no claims we can't back.

Encryption everywhere

All traffic is encrypted in transit with TLS. Lead data is encrypted at rest (AES-256) in our database. Passwords are hashed — never stored in plain text.

Transparent hosting

Our database runs on Supabase and the application on Vercel, both in US regions. The full sub-processor list, with hosting regions, is public in our Privacy Policy — no surprises about where your data lives.

GDPR: you control, we process

For the leads you route, you are the Data Controller and LeadMove acts as your Data Processor. EU data transfers are covered by Standard Contractual Clauses with our sub-processors, and a Data Processing Agreement is available on request at hello@leadmove.io.

Delivery you can audit

Every delivery attempt is logged lead-by-lead: which buyer, which endpoint, when, and the response. Failed webhooks retry with exponential backoff behind a circuit breaker — and every retry is in the log too.

Your data is portable

Export your leads as CSV or via API at any time. If you cancel, email us and we will send you a full export of your data. Deleting your account deletes your data within 30 days, except where law requires retention.

Access control

Your organization’s data is isolated per tenant. Buyers only ever see their own leads through the buyer portal — never other buyers’, never other pipelines’.

Where to look deeper

  • Privacy Policy — including the full public list of sub-processors and their hosting regions.
  • Webhook documentation — how lead ingestion and delivery work, including authentication and retries.
  • hello@leadmove.io — for a Data Processing Agreement, security questions, or responsible disclosure of a vulnerability. Security reports are read the same day.