How we protect your data
Security is not an afterthought. It is built into every layer of our platform and every process in our operations.
Infrastructure
Hosted on WordPress.com Business infrastructure with automatic updates, daily backups, and DDoS protection. TLS encryption for all data in transit.
Application Security
All form inputs are sanitized and escaped. Nonce verification on every submission. Honeypot and rate limiting to prevent automated abuse. Security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy) enabled by default.
Data Handling
Lead data is stored as private custom post types, accessible only to administrators. Consent is logged with timestamp, text, and IP address. Automated retention policies delete leads after a configurable period unless placed on legal hold.
Webhook Security
All webhook payloads are signed with HMAC-SHA256 using a per-site secret. Retry logic with exponential backoff ensures delivery. Every delivery attempt is logged in an auditable delivery log.
We do not claim specific security certifications. Our security posture is based on industry best practices applied consistently across every deployment. For questions about our security practices, contact us.