TRUST
Security
Last updated: June 26, 2026
Our approach
Security isn’t a feature we bolted on, it shapes how FindyLeads is built. We collect only the data we need to run the Service, encrypt it, and give you control over it. This page summarizes the controls we have in place.
Encryption
All traffic between your browser and FindyLeads is encrypted with SSL/TLS. Data is encrypted at rest in our databases, and backups are encrypted as well.
Authentication & access
Passwords are never stored in plain text, they’re hashed with bcrypt. API access is authenticated with signed tokens, and internal access to production systems is limited to the people who need it, on a least-privilege basis.
Account safety by design
FindyLeads never connects to or posts from your Reddit or LinkedIn accounts. For social outreach we only generate drafts that you copy and post yourself, so your accounts are never exposed to automation and can’t be flagged or banned on our behalf.
For email, you connect your own inbox via secure OAuth, we request the minimum scopes required to send and read your campaign mail, and you can revoke access at any time from your provider’s settings.
Payments
Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. We never see or store your full card number or CVV.
Your data, your control
You can export your data or delete your account at any time. When you delete your account, we remove your personal data within 30 days, except where retention is required by law. See our Privacy Policy for details.
Responsible disclosure
Found a vulnerability? We appreciate your help. Email security@findyleads.com with the details and steps to reproduce. We’ll acknowledge your report and keep you updated as we investigate. Please give us a reasonable window to fix the issue before disclosing it publicly.