Built for compliance,
secured by design.
A compliance product should take its own security seriously. Here's exactly how SafeLead protects your consent evidence — no vague promises, just specifics.
Your evidence is encrypted, hashed, and PII-protected
Consent evidence needs to survive legal scrutiny. That means it has to be tamper-proof, encrypted, and careful with personal information from the start.
Encryption at rest and in transit
All data is encrypted with AES-256 at rest and TLS 1.2+ in transit. Certificates, replays, and vault contents are never stored unencrypted.
Content hashing
Every certificate includes a cryptographic hash binding all evidence together. If any field is altered, the hash breaks. Tampering is detectable.
Form inputs masked in replays
Session replays show that typing occurred, but not what was typed. Form values are masked by default — you see the interaction, not the personal data.
Email and phone stored as hashes
Email addresses and phone numbers are stored as irreversible SHA-256 hashes. They can be used for lead matching, but can never be reversed to reveal the original values.
Simple infrastructure. Small attack surface.
We chose fewer vendors and less complexity over more moving parts. The result is infrastructure that's easier to secure and easier to reason about.
Edge-deployed globally
Public-facing endpoints run on a global edge network. Certificate capture and lookups happen close to your users with low latency, wherever they are.
Managed database for structured data
Certificate metadata lives in a managed relational database — serverless, auto-scaling, and built for the fast lookup queries buyers need.
Minimal vendor footprint
The entire infrastructure runs on a small number of established cloud vendors. Less surface area means fewer things to go wrong.
Storage tiers
Hot storage
90 daysDatabase + object storage. Any buyer with a certificate ID can look it up. Free.
Vault
5 yearsBuyer-isolated object storage. Encrypted, immutable. Only the retaining buyer can access it.
Certificates are immutable. Evidence can't be changed after creation.
When a certificate is created, every field — consent text, timestamps, replay, geo data — is bound together with a cryptographic content hash. Change any field and the hash breaks.
Content hash binding
A SHA-256 hash is computed across all evidence fields at creation time. This hash is stored with the certificate and verified on every access.
Immutable once created
Certificates cannot be edited, partially deleted, or rewritten. The evidence captured at the moment of form submission is the evidence that stays.
Chain of custody for litigation
When you export a certificate as PDF or JSON, the content hash travels with it. Opposing counsel can verify the evidence hasn't been altered since capture.
Every organization sees only what's theirs
Publishers control which domains are tracked. Buyers access only their own retained certificates. Both sides are protected from each other by design.
Buyer-isolated vaults
Each buyer's retained certificates are stored in an isolated path within encrypted object storage. No buyer can access another buyer's vault. No cross-tenant access, ever.
Domain allowlisting
Publishers must explicitly add domains before the tracking script captures evidence. The script silently ignores pages on domains that aren't allowlisted.
API key scoping
Buyer API keys are scoped to a single organization. Keys are hashed at the edge and validated without round-trips to the dashboard server.
URL hashing protects publisher IP
Buyers never see the actual URLs where leads were captured. Page URLs and hostnames are shown as SHA-256 hashes — useful for concentration analysis, but the actual landing pages stay private.
Clear rules for how long data lives
We don't keep data longer than necessary, and we don't delete it before you're ready. Here's exactly what happens at every stage.
90-day auto-deletion for unclaimed certificates
If a certificate isn't retained within 90 days, it's permanently deleted — both the database record and the replay file. No charge, no remnant.
5-year vault retention
Retained certificates are stored for 5 years. This matches the record-keeping requirement in the Telemarketing Sales Rule (16 CFR § 310.5), which mandates 5 years of consent documentation.
30-day grace on account closure
When you close your account, you have 30 days to export your data. After that, everything is permanently deleted — vault contents, account data, API keys.
Permanent means permanent
Deleted data is removed from our database and object storage. We don't soft-delete certificates, keep shadow copies, or retain data for analytics after deletion.
Honest about where we are
SafeLead provides evidence tools that help you defend TCPA claims. We don't provide legal advice, and we don't guarantee compliance. Here's what we do and where we stand.
What we provide
- TCPA/TSR-aligned recordkeeping — timestamps, consent text, session replays, and geo data for every form submission
- 5-year retention that matches TSR requirements (16 CFR § 310.5)
- Exportable evidence in PDF, JSON, and standalone HTML replay formats
- Immutable certificates with content hash verification
- PII protection through input masking and one-way hashing
What we don't do
- —We don't provide legal advice. Consult your attorney for compliance guidance specific to your business.
- —We don't guarantee TCPA immunity. No tool can. What we give you is evidence that helps you defend claims.
- —We don't certify consent language. We capture what's on the page — whether that language is legally sufficient is between you and your counsel.
Certifications
SOC 2 Type II is in progress. We'll update this page when the audit is complete. In the meantime, the controls described above — encryption, isolation, hashing, access scoping — are in production today.
Found something? Tell us.
If you discover a security vulnerability, we want to know. Report it responsibly and we'll work with you to fix it.
security@safelead.ai
For security reports, vulnerability disclosures, and security-related questions. We'll acknowledge your report within 2 business days.
Ready to protect your leads?
One script tag for publishers. Free lookups for buyers.
No contracts, no sales calls.