Security

Last updated: June 18, 2026

All Systems Operational

Uptime: 99.9% · Report an issue: [email protected]

1. Infrastructure Security

1.1 Hosting

iLeadX is deployed on dedicated infrastructure with strict access controls. Our servers are configured with minimal attack surface, automatic security updates, and firewall rules restricting access to necessary ports only.

1.2 Encryption

Layer	Standard
Data in Transit	TLS 1.3 with strong cipher suites. All API and dashboard traffic is encrypted end-to-end.
Passwords	Argon2id hashing with unique per-password salts. Passwords are never stored in plaintext.
API Tokens	JWT (HS256) with short expiration (8 hours) and refresh token rotation.
Payment Data	Card numbers never touch our servers. All payments are tokenized by Paystack, Stripe, or NowPayments.

2. Access Control

Control	Description
Role-Based Access	Three-tier hierarchy: User → Admin → Super Admin. Each role has strictly defined permissions.
Two-Factor Authentication	TOTP-based 2FA (RFC 6238). Mandatory for admin accounts, optional for users.
Session Management	Per-device session tracking with device fingerprinting. Users can view and revoke sessions remotely.
IP Logging	IP addresses logged for all sessions. Displayed as masked (e.g., 192.168.1.***) for privacy.
Rate Limiting	API rate limits on authentication, exports, and search endpoints to prevent abuse.

3. Audit & Monitoring

Capability	Description
Admin Audit Trail	All administrative actions logged with timestamp, admin identity, target, old value, and new value.
Action Types Tracked	User deletion, role changes, plan changes, login events, settings changes, usage resets.
Search Diagnostics	Per-search timing breakdowns available for debugging and performance monitoring.
System Health	Continuous monitoring of API responsiveness, database health, and scraping infrastructure.

4. Compliance

Standard	Status
SOC 2 Type II	Working toward certification. Security controls designed to meet Trust Services Criteria for Security, Availability, and Confidentiality.
GDPR	Compliant. Data Processing Agreement available for Enterprise customers. EU Standard Contractual Clauses available upon request.
CCPA/CPRA	Compliant. We do not sell personal data. Data subject requests processed within 30 days.
SSL/TLS	256-bit encryption. All connections enforce HTTPS with HSTS.

5. Vulnerability Disclosure

If you discover a security vulnerability in iLeadX, please report it to [email protected]. We request that you:

Provide detailed steps to reproduce the issue
Allow reasonable time for us to address the vulnerability before public disclosure
Not exploit the vulnerability for unauthorized access or data extraction

We treat all vulnerability reports with the highest priority and aim to acknowledge receipt within 24 hours.

6. Incident Response

In the event of a security incident affecting user data:

Affected users will be notified within 72 hours (per GDPR requirements)
Notification will include: nature of the incident, data affected, likely impact, and remediation steps
A post-incident review will be conducted to prevent recurrence

7. Contact

Security inquiries: [email protected]
Subject: "Security Inquiry"
Response time: Within 24 hours for security matters

← Back to iLeadX