Your outbound data, handled carefully.
8leads ingests sensitive prospect and revenue data. Here is how we protect it. We describe only what is in place today, not aspirations.
Workspace isolation
Every query is scoped to your workspace. Data from one workspace is never returned to another, in the app, the API, or the MCP server.
Encrypted sessions
Sessions use an encrypted, signed cookie. Credentials are hashed, never stored in plain text.
Role-based access
Owner, admin, member, and viewer roles control who can see and do what. The MCP server enforces the same roles for every tool call.
Scoped API keys
Programmatic access uses workspace-scoped API keys you can create and revoke at any time. Keys are stored hashed.
Encrypted connections
All traffic runs over TLS. Provider tokens for connected tools are encrypted at rest.
Hosted on Vercel and Neon
8leads runs on Vercel with a Neon Postgres database, both operated in hardened, managed environments.
Compliance
SOC 2 Type II is in progress. We are happy to walk enterprise teams through our current controls and roadmap. For a security review or a DPA, get in touch.
Found a vulnerability? Email security@8leads.io and we will respond quickly.
Start with security built in.
Workspace isolation and role-based access from day one.