Security
Overview
Dayleeds is designed to read, organize, and clarify your synced HubSpot sales activity, not to change your CRM. This page summarizes how we currently approach security and what we are working on. It is analytics-focused and customer-authorized by design.
Customer-authorized access
- You authorize the HubSpot connection through OAuth, and access is read-only.
- We aim to request least-privilege scopes where possible.
- You can revoke access at any time from HubSpot or from Dayleeds.
How we handle data
- HubSpot authorization tokens are stored as ciphertext rather than plain text.
- Secrets, tokens, and raw OAuth payloads are never shown in the product interface.
- Reply threads and internal teammate email can be excluded from reporting.
- CSV exports are limited to your own workspace data.
Development and production separation
Development-only tools and demo data are gated so they do not run in production. Dayleeds is an independent product and is not affiliated with, endorsed by, or sponsored by HubSpot, Inc.
Reporting a vulnerability
Please report suspected vulnerabilities to security@dayleeds.com (or support@dayleeds.com). We aim to acknowledge reports and investigate them.
What we are working on
Security is an ongoing effort. Planned improvements currently include:
- rate limiting on sensitive endpoints;
- audit logs for account and connection activity;
- stronger production monitoring;
- a formal, independent security review;
- optional independent security certifications in the future.
These items are planned and not yet complete. Additional security documentation is available on request.