Trust
Security at BrokLeads
Last updated: 17 July 2026
Encryption
All traffic between your browser and BrokLeads is encrypted in transit using TLS (HTTPS). Data at rest, including database storage and backups, is encrypted by our infrastructure providers. Account passwords are stored using strong one-way hashing and are never kept in plain text.
Access controls & authentication
- Role-based access control: every user acts within a defined role (e.g. CEO, manager, agent) with only the permissions that role needs.
- API access uses bearer tokens; the web app keeps the session token in a secure, httpOnly cookie that scripts cannot read.
- Internal access to production is limited to authorised personnel on a least-privilege basis.
Per-branch data isolation
BrokLeads is multi-tenant by branch. Every branch-owned record is scoped to its branch at the data layer, and each request is verified against the user’s branch membership, so one agency or branch cannot read another’s data. Attempts to access records outside your branch are rejected.
Infrastructure & availability
The Service runs on reputable cloud infrastructure with managed networking and regular patching. Data is backed up on a routine schedule to support recovery, and we monitor the platform for errors and abnormal activity.
Abuse & bot protection
Public endpoints are rate-limited, and public forms are protected against automated abuse (including honeypot fields and, where enabled, a Cloudflare Turnstile challenge). Provider webhooks are verified before their data is accepted.
Data handling
We process personal data in line with our Privacy Policy. Customers own their data and can export it; on account termination, data is deleted or returned as described in our Terms of Service.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@brokleads.com with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and avoid accessing or modifying data that is not yours. We will acknowledge valid reports and keep you informed of our progress.
Contact
For any security question, reach us at security@brokleads.com.