Security · By Design

Enterprise-grade security, out of the box.

LandDesk was designed with the same security posture the founder has spent twenty years building into enterprise CRM systems. Nothing here is configuration — these controls are always on.

Concrete controls, concrete claims.

Authentication

✓ bcrypt password hashing
✓ Automatic account lockout on failed attempts
✓ JWT sessions delivered in HttpOnly cookies — never localStorage
✓ CSRF protection on all state-changing endpoints

Data

✓ AES-256-GCM encryption for all stored credentials and API keys
✓ Per-tenant data isolation enforced at the query level — not the application layer
✓ Zod-based input validation on every API endpoint

Infrastructure

✓ Edge-native architecture — runs on a global network with no cold starts
✓ Rate limiting on all public-facing surfaces
✓ File upload validation with magic byte checking
✓ Webhook replay protection

Telephony & mail

✓ Per-tenant phone number isolation
✓ A2P 10DLC compliance handled at the platform level
✓ Address verification before every mail send

Your data belongs to you.

Every entity in LandDesk is fully exportable via CSV at any time. Large exports run as background jobs with a ZIP download. If you ever decide LandDesk isn't for you, you leave with every record, every conversation, every document. No formal exit process. No "we'll have that ready in 30 days." Just an export button.

Messaging compliance.

A2P 10DLC registration and carrier compliance are handled at the platform level — tenants don't need to register messaging campaigns with carriers themselves. The platform maintains the necessary registrations and routes your messaging through compliant numbers.

Security contact

Have a security question, a penetration-test inquiry, or a vulnerability to report? Email security@landdesk.ai. We respond within one business day.