SalesM8 holds the leads you're chasing, the calls you've made and the deals you're closing. Here's exactly how that data is protected — in plain English, with no claims we can't back.
Not a roadmap, not an aspiration — this is how SalesM8 runs right now, in production.
Customer data lives in our database provider's Sydney region — physically on AWS infrastructure in Australia (ap-southeast-2). We don't store your account or lead data offshore.
Every connection to SalesM8 is served over HTTPS with TLS. There is no unencrypted path to the app, the API, or the database.
Data stored in our Sydney database is encrypted at rest on disk by the underlying AWS infrastructure, managed by Supabase, our database provider.
Access is enforced in the database itself with row-level security policies, not just in application code. Your pipeline, notes and exports are scoped to your account.
Billing runs entirely through Stripe, a certified PCI DSS Level 1 payment processor. Your card number is never stored on — or even sent through — SalesM8's servers.
Anonymous and standard sessions are denied direct access to the lead pool; privileged operations run through server-side code with scoped credentials, not from the browser.
SalesM8 is an Australian product for Australian businesses, so the data stays here. Our database runs on Supabase's Sydney region — AWS ap-southeast-2, physically located in Australia. That covers your account, your saved leads, your pipeline and your call logs.
The lead data itself is aggregated from Australian public sources — the Australian Business Register, ASIC, AusTender and state DA portals — so both where it comes from and where it lives are onshore.
Our business model is simple: you pay a flat subscription, we give you leads and the tools to work them. Your data is never the product.
Want your account and data removed? Email leadm8.au@gmail.com and we'll delete it. Details in our Privacy Policy.
SalesM8 is built on a deliberately short list of audited providers. The certifications below belong to those providers — not to SalesM8 itself (see our roadmap further down).
| Provider | What it does | Where data sits | Provider certification |
|---|---|---|---|
| Supabase | Database, authentication and storage | AWS Sydney (ap-southeast-2) | SOC 2 Type II certified provider |
| Vercel | Application hosting and delivery | Global edge delivery; no customer database hosted here | SOC 2 Type II certified provider |
| Stripe | Payments and subscription billing | Stripe-managed infrastructure | PCI DSS Level 1 certified processor |
Plenty of SaaS sites imply certifications they don't hold. We'd rather tell you the truth and let you decide.
Everything SalesM8 runs on is independently audited: Supabase and Vercel hold SOC 2 Type II reports, and Stripe is a PCI DSS Level 1 processor. Your data inherits those controls from day one.
SalesM8 has not yet completed its own SOC 2 audit — we're an early-stage Australian company and we won't pretend otherwise. A SOC 2 program is on our roadmap as the platform grows, and this page will be updated the moment that status changes.
If you believe you've found a vulnerability in SalesM8, tell us directly and we'll investigate. Support is Australian-based and operates on AEST.
Please include steps to reproduce. We ask that you don't access other customers' data while testing.