Checkout
Payments are handled by Gumroad. LeadReply does not collect card numbers, bank information, or payment credentials through the website intake forms.
Security
LeadReply is a practical service for follow-up reports, not a place to send payment credentials, private customer records, or sensitive account access. This page explains how the public site and intake flow are handled.

Payments are handled by Gumroad. LeadReply does not collect card numbers, bank information, or payment credentials through the website intake forms.
The public site is served over HTTPS with HSTS. Security headers are applied at the Cloudflare Worker front door.
The domain is configured for Cloudflare Email Routing and Email Sending with SPF, DKIM, and DMARC records for the `getleadreply.com` domain.
Public forms use server-side required-field checks, email validation, length limits, file-upload rejection, honeypot handling, origin checks, and rate limiting.
Valid intake, contact, and checklist submissions are stored in Cloudflare KV so the request is captured even if email delivery is delayed.
The front-door Worker blocks common internal, package, source-map, markdown, config, audit, and staging paths from public access.
LeadReply needs enough context to prepare a follow-up report, but it does not need secrets. Do not send card numbers, passwords, personal identity documents, private customer financial data, account credentials, or API keys.
LeadReply uses a 90-day deletion or archive default for intake material after delivery unless a longer period is needed for support, dispute handling, legal obligations, or customer-requested follow-up.
LeadReply is not claiming SOC 2, HIPAA, PCI, or other formal certification. Payment processing happens through Gumroad, and the service is intended for ordinary business follow-up context rather than regulated or highly sensitive data.
Questions about security or data handling can be sent to hello@getleadreply.com.