Security

Security and data handling for LeadReply.

LeadReply is a practical service for follow-up reports, not a place to send payment credentials, private customer records, or sensitive account access. This page explains how the public site and intake flow are handled.

LeadReply lead tracker and checklist used for secure follow-up intake

Checkout

Payments are handled by Gumroad. LeadReply does not collect card numbers, bank information, or payment credentials through the website intake forms.

Transport security

The public site is served over HTTPS with HSTS. Security headers are applied at the Cloudflare Worker front door.

Email authentication

The domain is configured for Cloudflare Email Routing and Email Sending with SPF, DKIM, and DMARC records for the `getleadreply.com` domain.

Form protection

Public forms use server-side required-field checks, email validation, length limits, file-upload rejection, honeypot handling, origin checks, and rate limiting.

Submission storage

Valid intake, contact, and checklist submissions are stored in Cloudflare KV so the request is captured even if email delivery is delayed.

Public route controls

The front-door Worker blocks common internal, package, source-map, markdown, config, audit, and staging paths from public access.

What not to send

LeadReply needs enough context to prepare a follow-up report, but it does not need secrets. Do not send card numbers, passwords, personal identity documents, private customer financial data, account credentials, or API keys.

Retention

LeadReply uses a 90-day deletion or archive default for intake material after delivery unless a longer period is needed for support, dispute handling, legal obligations, or customer-requested follow-up.

Limits

LeadReply is not claiming SOC 2, HIPAA, PCI, or other formal certification. Payment processing happens through Gumroad, and the service is intended for ordinary business follow-up context rather than regulated or highly sensitive data.

Report a concern

Questions about security or data handling can be sent to hello@getleadreply.com.