Security and Data Protection

More context on the security implications of implementing a LeadExporter custom integration.

Security measures

The following security measures are in place in a LeadExporter.io custom integration to assure the safety of your data:

HTTPS / SSL

All communication between the Chrome extension and the LeadExporter.io backend, as well as the communication between the LeadExporter.io backend and your API endpoints, happens over HTTPS with an SSL certificate (assuming your endpoints are available through HTTPS). This means nobody can intercept or modify any messages sent.

Secure API endpoints

The API endpoints LeadExporter.io connects to are only accessible to LeadExporter.io (through a bearer token, which is stored encrypted). This means that even if a bad actor knew of the endpoints, (s)he could not use them, since this actor is not authorized to do so. In addition, rate limiting makes it impossible for bad actors to try to break into the endpoint.

Authenticated users

When users create contacts through LeadExporter.io, they do so in their own name. That way you maintain full visibility and accountability on the data processing by users. Users give LeadExporter.io explicit permission to create data under their name through OAuth2 authentication. This is an industry-standard, safe way of authenticating without sharing any passwords with LeadExporter.io.

Safe hardware

LeadExporter.io runs on servers of DigitalOcean, a market leader in infrastructure as a service, with an additional security layer by Cloudflare, which protects it from attacks.

Data Protection

API endpoints process the minimum required data

The API endpoints are designed so that they only send and expect the minimum amount of data necessary for LeadExporter.io to work. For example, when LeadExporter.io searches your backend system to see if a contact already exists, it will only use the LinkedIn URL and name to search, and only return the id, title and company name of any contacts found (no other details of the contacts in your backend are exposed).

LeadExporter.io does not store your data

The LeadExporter.io backend is just a pass-through for connecting the Chrome Extension to your backend system. There is no need for LeadExporter.io to store the data it processes. So even if LeadExporter.io were to be hacked, your data remains safe.

LeadExporter.io does not delete

LeadExporter.io never deletes data in your backend system. As you can see in the API documentation, there is no endpoint for deleting records. LeadExporter only inserts, updates and searches for records.

LeadExporter.io input validation

For each field that shows in the Chrome extension, the following input validation can be set up:

- Field can be made required. The form cannot be submitted if the field is blank.
- Field can be of the following types:
  * Text: allows any string input
  * Number: only numbers allowed
  * E-mail: only emails allowed
  * Picklist: only a limited set of pre-defined values allowed

API endpoints allow for additional validation

The API endpoints described in this documentation expect a certain input and output, but allow you to build in additional validation. For example, an additional validation could be that field B needs to be filled in if field A is filled in. If you make the endpoint throw an error when field B is empty, the user will be able to see the validation error, complete field A in the Chrome extension and push the data successfully.
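
The following is an added example, not code from LeadExporter.io or its API documentation. It sketches how an endpoint on your side could check the bearer token and then enforce the conditional rule described above. The field names (field_a, field_b), the status codes, the error shape and the token value are assumptions made for illustration.

```python
import hmac
import json

# Assumption: the bearer token LeadExporter.io sends. Constructed value;
# in practice load it from a secret store, never from source code.
EXPECTED_TOKEN = "constructed-example-token"


def is_authorized(headers):
    """Check the Authorization header for the expected bearer token."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())


def validate_contact(fields):
    """Return a list of validation errors; an empty list means acceptable."""
    errors = []
    a = str(fields.get("field_a") or "").strip()
    b = str(fields.get("field_b") or "").strip()
    # The rule from the text: field B is required once field A is filled in.
    if a and not b:
        errors.append("field_b is required when field_a is filled in")
    return errors


def handle_create_contact(headers, raw_body):
    """Return (status, body) for a create-contact request."""
    # Authenticate before parsing anything the caller sent.
    if not is_authorized(headers):
        return 401, {"error": "unauthorized"}
    try:
        fields = json.loads(raw_body)
    except ValueError:
        return 400, {"error": "body is not valid JSON"}
    if not isinstance(fields, dict):
        return 400, {"error": "body must be a JSON object"}
    errors = validate_contact(fields)
    if errors:
        # Hypothetical error shape; use the one the API documentation specifies.
        return 422, {"error": "; ".join(errors)}
    # Constructed id standing in for the record created in your backend.
    return 201, {"id": "constructed-id-1"}
```

Server-side validation like this applies even when a request does not come from the Chrome extension form, so the extension's field settings and the endpoint's checks complement each other.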
