LeadHunter Pro · Last reviewed May 1, 2025
All connections encrypted via Vercel automatic TLS. No unencrypted HTTP traffic permitted.
Supabase on AWS. Data encrypted at rest (AES-256) and in transit (TLS 1.2+).
Passwords are managed by Supabase Auth using bcrypt. Plaintext passwords are never stored.
Database policies ensure users only access their own data. No cross-account access.
All keys (Google, Anthropic, Stripe) stored as server-side environment variables. Never exposed to client code.
All payments handled by Stripe. Card data never touches our servers.
Minimum-privilege access — our team only accesses production data to resolve support issues. All database access requires authenticated sessions with row-level security. API endpoints reject unauthenticated requests with a 401 response.
We do not store credit card numbers, CVVs, or full payment details. We do not store your plaintext password. We do not log the full content of AI-generated pitches on our servers after delivery to your browser.
If you discover a security vulnerability, report it to security@leadhunterpro.com before public disclosure. We acknowledge within 48 hours and patch confirmed vulnerabilities within 14 days. We credit responsible disclosures if desired.
In the event of a data breach affecting your personal data, we will notify affected users within 72 hours of becoming aware, per applicable data protection laws. Notifications go to the email address on your account.
Protect your account: use a strong unique password; log out of shared devices; report suspicious activity to support@leadhunterpro.com immediately.