Security
Your data is your business. We treat it that way.
Leadcues stores WhatsApp conversations, contact records, and call history on behalf of your team. Here is exactly how we protect it.
Data protection
How we store, transmit, and back up your data.
Encryption at rest
All customer data stored in Leadcues databases is encrypted at rest using AES-256. Sensitive fields — including contact details and message content — are encrypted at the application layer before storage.
Encryption in transit
All data transmitted between your browser, our servers, and third-party services is encrypted using TLS 1.2 or higher. We do not serve any pages or APIs over unencrypted HTTP.
Backups
Customer data is backed up daily using point-in-time snapshots. Backups are retained for 30 days and stored in a separate environment from production.
Access & infrastructure
Controls that limit who and what can reach your data.
Role-based access
Team member permissions are managed at the account level. Admins control who can view, edit, or export data. Access is granted by role — not by default.
Internal access restrictions
Production database access is restricted to a minimal set of engineers. All internal access is logged and audited. No support agent can access customer conversation data without explicit account-level permission.
Network segmentation
Production systems are isolated from development and staging environments. Access to production infrastructure requires VPN authentication and is logged.
Vulnerability monitoring
We run automated dependency and vulnerability scans on every code deployment. Critical issues block deployment until resolved.
Privacy & compliance
Your rights over your data and how we handle it.
GDPR
Leadcues is GDPR compliant. You can request a copy of your data, request deletion, or restrict processing at any time by contacting support@leadcues.pro. We do not sell customer data to third parties.
Data retention
We retain your data for as long as your account is active. When you close your account, your data is deleted from production systems within 30 days and from backups within 60 days.
Data deletion on request
You can request deletion of specific contacts, conversations, or your entire account at any time. Deletion requests are processed within 14 days.
Sub-processors
Leadcues uses a limited set of third-party sub-processors for infrastructure, email delivery, and analytics. We do not share customer conversation data with advertising networks or data brokers.
Incident response
What happens if something goes wrong.
- Security incidents are triaged within 4 hours of discovery.
- Affected customers are notified within 72 hours of a confirmed breach — in line with GDPR requirements.
- Post-incident reports are available to Enterprise customers on request.
- We maintain a documented incident response plan reviewed quarterly.
Responsible disclosure
If you discover a security vulnerability in Leadcues, please report it to security@leadcues.pro. We will acknowledge receipt within 24 hours and keep you updated as we investigate. We ask that you give us a reasonable window to address the issue before public disclosure. We do not pursue legal action against researchers who report vulnerabilities in good faith.
Last reviewed: May 2026. For Enterprise security reviews, custom DPAs, or compliance questions, contact support@leadcues.pro.