Data Security Practices for Protecting Lead Information
How Clean Leads 365 protects your data and supports your compliance requirements. Transparency about what we do—and what we don't.
How We Protect Your Data
Data Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials are stored in secure vaults.
Infrastructure Security
Hosted on SOC 2-compliant cloud infrastructure with regular security audits, intrusion detection, and automated threat monitoring.
Access Controls
Role-based access controls, multi-factor authentication, and audit logging for all data access and exports.
Compliance Framework
Designed to support GDPR, CCPA, and TCPA compliance requirements with documented data handling procedures.
Data Handling Practices
Data Retention
Customer data is retained only as long as necessary for service delivery. Export history is purged after 90 days by default.
Data Minimization
We collect and process only the data necessary to deliver our services. No unnecessary tracking or profiling.
Vendor Management
All third-party vendors are vetted for security practices and bound by data processing agreements.
Incident Response
Documented incident response procedures with 24-hour notification commitment for any security events affecting customer data.
Compliance Support
DNC Screening
Federal and state Do Not Call registry screening on all phone exports
TCPA Guidance
Documentation and best practices for compliant telephone outreach
CAN-SPAM
Email data sourced from opt-in and business sources with unsubscribe support
GDPR
EU data subject rights supported; data processing addendum available
CCPA
California consumer privacy rights supported; data deletion requests honored
Limitations
Important context about our security and compliance posture.
- Clean Leads 365 provides tools and data to support compliance, but users are responsible for their own regulatory compliance
- We are not a law firm and do not provide legal advice on compliance matters
- Compliance certifications (SOC 2, ISO 27001) are in progress but not yet completed
- Some compliance features may require specific plan tiers or additional configuration
- DNC screening covers federal and most state registries, but some local registries may not be included
Security FAQs
Is Clean Leads 365 SOC 2 certified?
We are currently in the SOC 2 Type II certification process. Our infrastructure is hosted on SOC 2-compliant cloud providers, and we follow SOC 2 security controls. Certification is expected by Q3 2025.
How do you handle data breaches?
We have documented incident response procedures. In the event of a security incident affecting customer data, we commit to notifying affected customers within 24 hours and providing detailed information about the scope and remediation steps.
Can I get a Data Processing Agreement (DPA)?
Yes, we provide DPAs for customers who require them for GDPR compliance. Contact our team to request a signed DPA.
Where is my data stored?
Customer data is stored in SOC 2-compliant data centers in the United States. We can discuss data residency requirements for enterprise customers with specific geographic needs.
Do you sell or share customer data?
No. Customer upload data and export history are never sold, shared, or used for any purpose other than delivering the services you requested.
How can I delete my data?
You can request complete data deletion through your account settings or by contacting support. We honor deletion requests within 30 days in accordance with GDPR and CCPA requirements.
Questions About Security?
Contact our team for specific security documentation or to discuss your compliance requirements.
