Trust

Security & compliance posture

You're routing consumer phone calls and personal data through this platform, so you deserve specifics instead of a padlock icon. Here is exactly how lead2inbound is secured, what our compliance tooling enforces, and where we are on SOC 2 — stated honestly.

LAST UPDATED · JULY 5, 2026

Honesty note: our SOC 2 program is in progress, not certified. Controls below are operating today; the formal Type II audit engagement is planned as the platform matures. We will never describe ourselves as "SOC 2 certified" until an auditor says so.

Tenant isolation

Encryption & credentials

Authentication & access

TCPA & calling compliance tooling

Compliance is enforced by the machine, not the manual:

SOC 2 program (in progress)

We operate the following controls today, accreted from day one rather than bolted on before an audit:

The formal SOC 2 Type II audit engagement is planned as the customer base grows. Enterprise buyers who need our control documentation earlier can request it through the contact form.

Data handling & privacy

Incident response

Data incidents are contained first (affected dialing paused, exposed secrets rotated immediately), assessed against the evidence trail, and affected tenants are notified by email within 72 hours — sooner where law or contract requires. Post-mortems are written within five business days.

Reporting a vulnerability

Found something? Please tell us before you tell the internet — use the contact form with "SECURITY" in the message and we'll respond within one business day. We're grateful to researchers who disclose responsibly.