Data Security in LeadConduit

The following data security controls are currently available in LeadConduit

Data retention can be set at the account level. The default and maximum data retention setting is 3 months (100 days). The user can change it under “Settings” to 2 months or 1 month. We can also customize this on the back end for even shorter durations. The trade off with shorter data retention is that the user has less time to look at individual leads for troubleshooting. If reporting is used, that will also follow the same data retention settings. So if a user wanted to see what happened last month, but had data retention set to 1 week, they’d be out of luck.
Certain data types have built-in protection. If these fields are used, the system will automatically mask the value before writing it to the LeadConduit database. This document describes how that works for SSN. Any field created with the “ssn” data type will carry this same protection. Custom fields created with the “credential” data type will behave the same way. Any data that is protected in this way is only available while processing a lead. After the initial lead submission is complete, this data is unavailable (for example in exports).
Certain standard fields in LeadConduit are treated specially for aggregation purposes. We make an effort to keep PII out of reports. For example, you cannot create a report that shows lead count broken out by phone number. You can, however, create a report that shows lead count broken out by the phone number area code. Same goes for email. You cannot create a report broken out by email address, but you can create a report broken out by the email address domain. This is especially useful if you are using “shared” reports to provide reporting to vendors or buyers because it prevents an external party from getting at PII via reporting.