Security & Compliance

LeadNarline is built security-first. We use industry-standard encryption (TLS 1.3), row-level security (RLS), and rate limiting to protect your account and data.

lock

Encryption in transit

All traffic is served over HTTPS/TLS with HSTS enforced, so data between you and LeadNarline is encrypted end-to-end.

database

Database security

Postgres row-level security (RLS) is enabled on every table. The app talks to the database only through a trusted server using a service-role key — browsers never touch it directly.

key

Authentication

Passwords are hashed with bcrypt and never stored in plain text. Sessions use signed, algorithm-pinned JWTs.

shield

Abuse protection

Per-IP rate limiting guards auth and the data endpoints, and our website analyzer blocks SSRF attempts (no probing internal/private addresses).

verified_user

Hardened headers

Content-Security-Policy, X-Frame-Options, X-Content-Type-Options and a strict Referrer-Policy are set on every response.

bug_report

Responsible disclosure

Found a vulnerability? Email narlineweb@gmail.com and we will respond promptly. Please do not publicly disclose before we fix it.

Questions about security?

We take the protection of your account and data seriously. If you have questions about how LeadNarline handles security, get in touch.