Skip to main content

Data Security


Leadbright is designed with a high level of security in mind. With Leadbright, you can always be assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.


Leadbright allows users to easily track and analyze their website data and provides valuable insights to strengthen your online efforts. The tool collects all clicks and other events coming from a User’s website. Providing the highest level of security for our Users and meeting the requirements of the GDPR and other privacy regulations, we don’t save any personal data, not even the Visitors’ IP addresses, by default. Leadbright’s architecture was designed in a way we can offer aggregative and meaningful data without risking private data of our Users and our Users’ Visitors.

The service only works when the user adds their personalized Leadbright script, a Javascript tracking code, in the head tags of their web pages. When a Visitor accesses the web page, the Leadbright script fetches the appropriate configuration and applies the changes on the browser-side by manipulating the DOM / HTML as it loads. Leadbright only interfaces with the front-end of the User’s website and does not require any access to their backend system and database. All data is sent via secure https.


User data

When a user signs up to the Leadbright Services, we store the data provided through the signup form, such as their email address and their website. For paying Users, we also store personal data, such as payment information. It is each User’s voluntary decision whether to provide us with any such personal data, but refusal to provide any required data may result in us not being able to register the User and enable them to receive our Services.

All personal data is saved on OAuth and Stripe. We use these services for the highest level of security and do not store any personal information, such as credit card.

Users’ Visitors data

By default, Leadbright only collects non-identifiable information about our Users’ Visitors. Leadbright stores the following information for the Visitors who visit the User’s website:

  • Total number of visitors to the website.
  • Total number of conversions for a User’s key metrics.
  • Events performed during the Visitor’s sessions on the website.
  • The channel a visitor came from.
  • Platform and browser used.
  • The country browsed from.


Leadbright uses cookies to run tests and analyze the User’s website visitor data. The cookies keep track of the variation the Visitor has viewed and serve the same variation to the Visitor consistently and track key metrics completed by the Visitor.


Like most SaaS tools, Leadbright is hosted on Microsoft Azure’ industry-leading, high-security servers in the United States of America, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law. For further information, please visit Microsoft Azure, What is Azure, and Azure Data Residency.

Leadbright service providers that store or process your Personal Information on Leadbright’s behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.


Code security

Leadbright code is stored in a GitHub system. Leadbright employs strict role-based security/passwords for access to the code. Commits to production code are strictly reviewed and approval is restricted, after passing Unit Testing and QA in Test and Staging. There is a daily backup of the database data in Microsoft Azure storage service.

Application access

Users are always connected to the Leadbright web-app via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. Users can assign roles and permissions to team members given access to the account or selected domains added to the account to ensure the appropriate level of access to their Leadbright account.

Updated January 28, 2022