Security

Last updated: April 13, 2025

Keeping your account and data secure is a core responsibility of ours. This page describes how Maps to Lead is built and operated to protect you.

Infrastructure

Maps to Lead runs on servers located in the European Union. Our infrastructure is managed through a reputable cloud provider with physical security controls, redundancy, and 24/7 monitoring. We do not run any services on personal or on-premises hardware.

Data in transit

All traffic between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS sitewide and redirect all plain-HTTP requests. API calls to Google Maps Platform and our payment processor are also made over encrypted connections.

Data at rest

Data stored in our PostgreSQL database is encrypted at rest using AES-256. This includes your account information, search history, and enrichment results. Database backups are encrypted with the same standard.

Authentication

  • Magic links - email-based sign-in links are single-use and expire after 5 minutes. We never send or store passwords.
  • Google OAuth - when you sign in with Google, we receive only a verified identity token; we never see or store your Google password.
  • Sessions - sessions are stored as signed, HTTP-only cookies with a fixed expiry. They cannot be read by JavaScript and are invalidated on sign-out.

Payment security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never receive, process, or store your card number, CVV, or any other raw payment data. Maps to Lead stores only your Stripe customer ID and subscription status.

Access controls

  • Production database access is restricted to a minimal set of services and requires authenticated, encrypted connections.
  • No Maps to Lead employee has standing access to your personal data for support or operational purposes without a specific, logged reason.
  • Administrative interfaces are protected by strong credentials and are not exposed to the public internet.

Dependency and supply-chain security

We pin and regularly audit third-party dependencies. Automated tooling flags known vulnerabilities in our dependency tree. We apply security patches promptly.

Responsible disclosure

If you discover a security vulnerability in Maps to Lead, please report it to us privately before disclosing it publicly. Email security@mapstolead.com with a clear description of the issue and steps to reproduce it. We will acknowledge your report within 2 business days and aim to resolve confirmed issues within 30 days. We appreciate responsible disclosure and will not take legal action against researchers who act in good faith.

Incident response

In the event of a security incident affecting your data, we will notify affected users by email within 72 hours of becoming aware of the breach, in accordance with GDPR requirements. The notification will describe what happened, what data was affected, and what steps we are taking to address the issue.

Questions

For any security-related question, email us at security@mapstolead.com.