Security & trust

Your pipeline is your business.
We treat it that way.

SalesM8 holds the leads you're chasing, the calls you've made and the deals you're closing. Here's exactly how that data is protected — in plain English, with no claims we can't back.

  • Data hosted in Australia
  • Encrypted in transit + at rest
  • Never sold, never shared
How your data is protected

Six things that are true today.

Not a roadmap, not an aspiration — this is how SalesM8 runs right now, in production.

Hosted in Australia

Customer data lives in our database provider's Sydney region — physically on AWS infrastructure in Australia (ap-southeast-2). We don't store your account or lead data offshore.

Encrypted in transit

Every connection to SalesM8 is served over HTTPS with TLS. There is no unencrypted path to the app, the API, or the database.

Encrypted at rest

Data stored in our Sydney database is encrypted at rest on disk by the underlying AWS infrastructure, managed by Supabase, our database provider.

Row-level access control

Access is enforced in the database itself with row-level security policies, not just in application code. Your pipeline, notes and exports are scoped to your account.

Payments never touch us

Billing runs entirely through Stripe, a certified PCI DSS Level 1 payment processor. Your card number is never stored on — or even sent through — SalesM8's servers.

Least-privilege by default

Anonymous and standard sessions are denied direct access to the lead pool; privileged operations run through server-side code with scoped credentials, not from the browser.

Data residency

Australian data, on Australian soil.

SalesM8 is an Australian product for Australian businesses, so the data stays here. Our database runs on Supabase's Sydney region — AWS ap-southeast-2, physically located in Australia. That covers your account, your saved leads, your pipeline and your call logs.

The lead data itself is aggregated from Australian public sources — the Australian Business Register, ASIC, AusTender and state DA portals — so both where it comes from and where it lives are onshore.

The promise

Your data is yours. Full stop.

Our business model is simple: you pay a flat subscription, we give you leads and the tools to work them. Your data is never the product.

What we do

  • Store your data in Australia (Sydney region)
  • Encrypt every connection and every disk
  • Enforce access rules inside the database
  • Let you delete your account and data on request
  • Tell you honestly what's certified and what isn't

What we never do

  • Sell your data — to anyone, ever
  • Share your pipeline or contacts with advertisers
  • Mine your CRM to feed other customers' results
  • Move your data offshore
  • Claim certifications we don't hold

Want your account and data removed? Email leadm8.au@gmail.com and we'll delete it. Details in our Privacy Policy.

Who touches your data

Three infrastructure partners. No one else.

SalesM8 is built on a deliberately short list of audited providers. The certifications below belong to those providers — not to SalesM8 itself (see our roadmap further down).

Supabase

What it does
Database, authentication and storage
Where data sits
AWS Sydney (ap-southeast-2)
Provider certification
SOC 2 Type II certified provider

Vercel

What it does
Application hosting and delivery
Where data sits
Global edge delivery; no customer database hosted here
Provider certification
SOC 2 Type II certified provider

Stripe

What it does
Payments and subscription billing
Where data sits
Stripe-managed infrastructure
Provider certification
PCI DSS Level 1 certified processor
Certifications

Where we are, honestly.

Plenty of SaaS sites imply certifications they don't hold. We'd rather tell you the truth and let you decide.

Certified infrastructure

Today

Everything SalesM8 runs on is independently audited: Supabase and Vercel hold SOC 2 Type II reports, and Stripe is a PCI DSS Level 1 processor. Your data inherits those controls from day one.

SOC 2 for SalesM8 itself

On the roadmap

SalesM8 has not yet completed its own SOC 2 audit — we're an early-stage Australian company and we won't pretend otherwise. A SOC 2 program is on our roadmap as the platform grows, and this page will be updated the moment that status changes.

Found a security issue?

If you believe you've found a vulnerability in SalesM8, tell us directly and we'll investigate. Support is Australian-based and operates on AEST.

Please include steps to reproduce. We ask that you don't access other customers' data while testing.