Summary of LeadSquared Security Features

1. Feature Overview

LeadSquared is ISO 27001:2013 certified and HIPAA compliant. LeadSquared was built to deliver a robust and secure experience. In addition to our process and infrastructure-level safeguards, the LeadSquared application itself has a number of security-related features. This article summarizes the list of available features and describes how you can use them to protect your account.

Note: You can also download a pdf version of our security features.


2. Prerequisites

  • All security-related features (except user-level two-factor authentication) must be set up by the LeadSquared administrator user.
  • Some features listed in the article are not available on all plans. Please contact us at for more details.


3. User Access

These features let you configure the level of access available to your users.

FeatureDescriptionHelp Documentation
User RolesEach LeadSquared user role comes with its own set of restrictions for accessing features and data. Assigning roles based on how you want users to access your account.User Roles and Access Rights
Sales GroupsBy default, sales users can only view their own leads. However, you can give certain sales users (team leads, managers, etc.) special privileges through sales groups.Managing Lead and Account Access to Sales Users – Sales Groups
Permission TemplatesPermission templates give you granular level control over leads, activities and tasks. In addition, they let you control access to features like imports, exports, API, dashboards and reports.
IP WhitelistingYou can whitelist the IP addresses that can access LeadSquared. Logins through suspect IPs (tors/anonymous proxies) will be automatically disabled.Restrict User Access to LeadSquared using IP Whitelisting


4. Login and Session Security

These features help secure your account by providing additional security capabilities.

FeatureDescriptionHelp Documentation
Password EncryptionWhen enabled, passwords will be encrypted and sent from the browser to the server. Users will not be able to ‘Remember Password’ and the password won’t be stored anywhere in the browser cache.LeadSquared Login Security Settings
Enable Dynamic Token for Mobile AppLets you enable an additional layer of security for communicating between the app and server.
Two Factor AuthenticationTwo-factor authentication can be mandated for all users or configured at the individual user level.LeadSquared Security Settings – Two Factor Authentication
Authentication ProviderAs an alternative to logging in with your LeadSquared credentials, you can configure your account to enable log-in through the following third-party authentication providers –

  • Google
  • Active Directory Federation Services (ADFS)
  • API
LeadSquared Security Settings – Authentication Provider
Trusted DeviceUsers can log into their LeadSquared account without verifying themselves through Two-Factor Authentication (2FA) each timeAuthentication – Trusted Device
Session ManagementLogin Expiration Time –
When enabled, users will be required to log in again, after the configured time elapses. Session Timeout –
When enabled, a user who remains idle for the configured time will be automatically logged out.
LeadSquared Security Settings – Session Management
Force Logout All UsersYou may want to force logout users from your account for a number of possible reasons –

  • LeadSquared may have added new features/enhancements or you may have opted for additional features or a change of plan. Sometimes, this requires users to log back in.
  • If you suspect that your account has been compromised, you can force log-out all users as the first safety precaution.
  • Some users prefer not to log out of their accounts which may pose security risks.
LeadSquared Security Settings – Login Settings
Set Password Policy for usersCustomize the password policy of your LeadSquared account (e.g., minimum password length allowed, minimum special characters allowed, etc.) to comply with your organization’s policies.LeadSquared Security Settings – Set password Policy


5. Landing Page Security

The following security feature help secure landing pages you create using LeadSquared –

  • Google reCAPTCHA
    reCAPTCHA protects your landing pages against malicious software and spam. To learn how to embed them in your landing page forms, see Google reCAPTCHA on Landing Pages.
  • Allow submissions from registered domains only
    You can restrict the domains on which form submissions will be accepted.


6. Audit Logs

Audit logs provide numerous benefits including better transparency, record integrity and accuracy, and security of sensitive or vital information. A weekly review of audit log reports in LeadSquared will keep you on top of any activity in your account.

  • Audit Log Reports
    List of reports that help you track changes made to users, leads, automations, etc.
  • Request History
    Monitor all bulk requests such as import, export and delete, and also the history of support access requests.


7. API Security

LeadSquared APIs support Transport Layer Security (TLS) encryption. TLS is a standard that keeps an internet connection private and checks that the data sent between two systems (a server and a server, or a server and a client) is encrypted and unmodified. While using our APIs, we recommend following these best practices –
  • Keep your API keys secret
    We use access keys and secret keys (unique for each user) for authentication. These keys give you access to LeadSquared functionality and data, so they should always be kept secret.
  • IP Whitelisting
    With IP whitelisting, only requests made from specified IPs will be accepted. Whitelist the IPs you’ll be making API calls from. To learn more, see Restrict User Access to LeadSquared using IP Whitelisting.
  • Restricting API access through permission templates
    For users who don’t need access to API, we recommend disabling API access through permission templates. To learn more, see How to Create a Permission Template.
  • Reviewing API Logs
    View your API logs to check for unauthorized access. For details, see API Logs.


8. Data Protection and Privacy

These features were created with GDPR in mind. They enable you to provide transparency to your leads in relation to their data and privacy.

FeatureDescriptionHelp Documentation
Cookie ConsentAs part of the privacy settings, you can allow end-users to control whether or not they would like to enable cookies on your website (where the LeadSquared Tracking Script has been installed)Data Protection and Privacy Settings
Email Opt-inBy using the email opt-in setting together with the email opt-in automation action, you can let your leads decide whether or not they want to receive emails from your organization.
Personal Data ProtectionWhen enabled, it automatically creates a landing page in your account, that you can publish to existing leads and present them with the following options –

  • View their data
  • Remove their data
  • Update their data
  • Do Not Track


Any Questions?

We hope this article was helpful. Please leave us a comment below if you have more questions.

Was this Helpful?

Notify of
Inline Feedbacks
View all comments