How RefireLeads Protects Your Dealership Data

Every piece of personally identifiable information (PII) stored in our database is encrypted using AES-256-GCM before it is written. This is the same encryption standard used by banks and government agencies.

What this means: even if someone gained unauthorized access to the raw database, all customer phone numbers, names, and conversation content would be unreadable gibberish without the encryption key.

The encryption key is stored separately from the database in environment-level secrets, never in code or version control.

RefireLeads is a multi-tenant platform. Multiple dealerships share the same infrastructure. Row-Level Security (RLS) policies at the database level ensure that:

• Dealership A can never see Dealership B data
• Team members can only access their own dealership
• Admin queries are limited to authorized scope
• No application code bug can accidentally expose cross-tenant data

This is enforced at the PostgreSQL level, meaning even direct database queries are filtered.

Twilio sends webhook requests to our servers when messages arrive. Without verification, an attacker could forge these requests and inject fake conversations.

RefireLeads validates every inbound webhook using Twilio cryptographic signature verification. The X-Twilio-Signature header is checked against the request body and our auth token. Invalid signatures are rejected with a 403 response.

Every API endpoint is protected by rate limiting:

• Authentication routes: 5 requests per minute
• Standard API calls: 30 requests per minute
• Webhook endpoints: 100 requests per minute
• Campaign launches: 3 per minute (prevents accidental double-sends)

This prevents brute force attacks, protects your Twilio spend from runaway scripts, and ensures system stability under load.

Every piece of data entering the system passes through strict validation:

• Phone numbers are validated as proper E.164 format
• Message bodies are size-limited and sanitized
• CSV uploads are type-checked and content-scanned
• API request bodies are validated against strict schemas using Zod

Cross-site scripting (XSS), SQL injection, and other injection attacks are blocked at the application boundary.

All RefireLeads pages include hardened HTTP security headers:

• Strict-Transport-Security: Forces HTTPS connections
• X-Frame-Options DENY: Prevents clickjacking attacks
• Content-Security-Policy: Restricts what scripts and resources can load
• X-Content-Type-Options: Prevents MIME type sniffing attacks
• Permissions-Policy: Disables unnecessary browser APIs

In production, all demo and development shortcuts are completely disabled:

• No demo login bypass
• No unauthenticated dashboard access
• Twilio signature verification is mandatory (not skippable)
• All environment variables must be configured

RefireLeads runs on services that maintain SOC 2 compliance:

• Supabase (Database): SOC 2 Type II, encrypted at rest, daily backups
• Vercel (Hosting): SOC 2 Type II, DDoS protection, global edge network
• Twilio (SMS): SOC 2 Type II, carrier-grade security

- Never store Twilio Auth Tokens in the database - Never log full phone numbers in plaintext - Never expose service-level keys to client-side code - Never send PII in URL parameters - Never store passwords (Supabase Auth handles this with bcrypt)

While RefireLeads provides the security infrastructure, dealerships should also:

• Use strong passwords for team accounts
• Limit team member access to what they need
• Review audit logs periodically
• Report any suspicious activity immediately
• Keep their Twilio account credentials confidential