Security overview

Traffic between your browser and our application is protected with TLS (HTTPS). Our infrastructure providers apply industry-standard protections for data at rest as part of their platforms; we rely on those controls in addition to application-level access rules.

Broker dashboard access requires authentication. Data is organized by customer account (tenant) so that routine product access is limited to the broker who owns that workspace, enforced by application logic and database policies appropriate to our architecture.

Applicant documents are stored in private cloud object storage associated with your account, not as anonymous public downloads. Access for viewing or export is intended to flow through the product under the broker's authenticated session (and related server checks), rather than through long-lived public links.

Our internal admin tools are designed for operating the business (for example plan configuration, high-level usage analytics, and support of the platform). They are not intended as a day-to-day interface for browsing tenant lead contact details, application fields, or uploaded documents.

A small number of authorized personnel may have the ability to access production systems for security, reliability, debugging serious incidents, or legal compliance. Such access should be limited to what is necessary and consistent with our agreements and policies. This is standard for hosted software; it is different from end-to-end encryption where the provider never has technical access to plaintext.

Lead Agent is built as software for brokers, not as a lead resale or data brokerage operation. Internal access exists to run and protect the platform—not to harvest or monetize your book of business for unrelated commercial purposes. For a fuller statement, see our Privacy Policy — lead ownership and resale.

We use third-party monitoring tools (including Sentry) to capture errors, diagnose outages, and improve reliability. Those tools may process technical metadata, stack traces, and related diagnostic payloads. Depending on configuration, we may also use performance tracing or Session Replay for a subset of traffic so we can understand failures in context. Details—including other vendors such as Vercel Analytics—appear under "Subprocessors" and technical data in our Privacy Policy.

We depend on reputable infrastructure and service providers (for example hosting, database, storage, payments, AI, email, and caching). A non-exhaustive list and more context appear under "Subprocessors" in our Privacy Policy.

We are an early-stage product. We do not claim SOC 2 Type II, ISO 27001, or similar certifications unless and until we publish them here. As we grow, we expect to mature logging, access reviews, vendor diligence, and formal policies in line with customer expectations.

If you believe you have found a vulnerability affecting Lead Agent, please contact privacy@lendnet.io with enough detail to reproduce the issue. We appreciate responsible disclosure.