Security
Security is foundational to SalesIQ. Your lead data, customer information, and business intelligence are protected by multiple layers of security.
Infrastructure Security
Encryption at Rest
All data stored on Supabase PostgreSQL is encrypted with AES-256 at rest. Database backups are also encrypted.
Encryption in Transit
All connections use TLS 1.3 (HTTPS). API calls, webhook data, and browser sessions are encrypted end-to-end.
Cloud Hosting
Hosted on Vercel's edge network with automatic DDoS protection, CDN caching, and 99.99% uptime SLA.
Database Isolation
Each company's data is isolated via companyId-based multi-tenancy. No cross-tenant data access is possible.
Application Security
Role-Based Access Control (RBAC)
5 roles with granular permissions: Super Admin, Company Master, Manager, Sales Executive, Pre-Sales. Each role sees only what it needs.
Input Sanitization (XSS Protection)
All user inputs are sanitized using DOMPurify before storage and display. This prevents cross-site scripting attacks.
Complete Audit Logging
Every action (lead creation, stage change, booking, payment, API key generation) is logged with timestamp, user, and details.
Secure Authentication
Google OAuth 2.0 via NextAuth.js. No passwords stored. Session tokens are HTTP-only, secure, and same-site.
API Key Security
API keys use cryptographically random 32-byte hex values with 'sqk_live_' prefix. Keys can be regenerated or revoked instantly.
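The key format described above, shown as an added Node.js example that is not SalesIQ's own code: it issues a 'sqk_live_' key from 32 random bytes, validates the format, and supports revocation and regeneration. Assumptions: only a SHA-256 digest of each key is stored, the Map stands in for a database table, and all function names are hypothetical.

```javascript
// Added example; issueKey, verifyKey, revokeKey, regenerateKey and the Map store are hypothetical names.
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

const PREFIX = 'sqk_live_';                  // prefix stated on the page
const KEY_RE = /^sqk_live_[0-9a-f]{64}$/;    // 32 random bytes = 64 lowercase hex chars

// Assumption: only a SHA-256 digest is kept at rest, never the key itself.
const digest = (key) => createHash('sha256').update(key).digest();

// In-memory stand-in for a database table: keyId -> { companyId, hash, revoked }
const store = new Map();

function issueKey(companyId) {
  const key = PREFIX + randomBytes(32).toString('hex');   // OS CSPRNG
  const keyId = randomBytes(8).toString('hex');           // non-secret handle for revocation
  store.set(keyId, { companyId, hash: digest(key), revoked: false });
  return { keyId, key };                                   // plaintext key is returned once
}

function revokeKey(keyId) {
  const rec = store.get(keyId);
  if (rec) rec.revoked = true;
  return Boolean(rec);
}

// Regeneration: revoke the old record, then issue a fresh key for the same tenant.
function regenerateKey(keyId) {
  const rec = store.get(keyId);
  if (!rec || rec.revoked) return null;
  rec.revoked = true;
  return issueKey(rec.companyId);
}

// Returns the owning companyId, or null if the key is malformed, unknown or revoked.
function verifyKey(presented) {
  if (typeof presented !== 'string' || !KEY_RE.test(presented)) return null;
  const h = digest(presented);
  for (const rec of store.values()) {
    // Both buffers are 32 bytes, so the constant-time comparison never throws.
    if (!rec.revoked && timingSafeEqual(rec.hash, h)) return rec.companyId;
  }
  return null;
}
```

Rejecting malformed input before hashing keeps junk out of the lookup path, and storing digests means a leaked table does not expose usable keys.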
Data Practices
- We never sell your data to third parties
- We never access your lead data unless you explicitly request support
- You can export all your data at any time via CSV export
- Account deletion removes all associated data within 30 days
- Regular security audits and vulnerability assessments
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly to security@megallow.com. We take all reports seriously and will respond within 24 hours.