Outbound runs on trust: your connected accounts, your lead lists, and the messages in between. Here is how we keep them safe.
All traffic to 8Leads runs over TLS. Data is encrypted at rest. The most sensitive values, the login sessions and proxy credentials for your connected accounts, are encrypted with AES-256-GCM using a key that is never stored alongside the data. A session is never held in plain text.
The public application and the sending workers run as separate services with network isolation between them. The database is managed Postgres with automated backups. Secrets are held in the platform secret store, not in code. Access to production is limited and logged.
Inside your workspace, roles decide who can send, who can only view, and who manages billing. On our side, staff access follows least privilege, sits behind authentication, and is recorded in an audit log. Every workspace is isolated so one customer can never see another customer data.
Protecting your Instagram accounts is part of security, not just deliverability. Each account gets its own proxy and device fingerprint, sends inside daily and hourly caps with human-like pacing, and carries a health score that throttles or pauses sending when the signals turn bad. If Instagram issues a challenge, the account stops and waits for you to reconnect rather than pushing through.
You can export or delete your lead data at any time. We do not sell personal data and we do not add your contacts to our own lists. What we collect and why is set out in the Privacy Policy, and how we process data on your behalf is in the Data Processing Addendum.
We rely on a small set of vetted vendors for hosting, database, queue, payments, and email, each under contract with data protection terms. The current list is in the Data Processing Addendum.
Found a security issue? Email security@8leads.io with the details and steps to reproduce. We investigate every report, will not take legal action against good-faith research, and will keep you updated on the fix.