Security and responsible AI for prospect research.
LeadBrief AI is being built for public website research, saved briefs, workspace access, print-ready exports, and future API/MCP integrations. This page explains the operating principles behind data handling and responsible AI use.
Security posture
LeadBrief AI is designed as a hosted business research product with authenticated workspaces, role-aware app areas, usage records, billing boundaries, and future scoped API keys. Security work focuses on limiting access to workspace data, keeping sensitive operations on the server, and making integrations explicit instead of hidden behind browser-only state.
Authentication
Authentication is handled through Supabase Auth. Sign-in flows use provider or email-link authentication and server-managed session cookies, so users can return to their workspace without the app treating local page state as the source of truth.
Payments
When subscriptions, credit purchases, or Founding Access reservations are enabled, Stripe handles checkout and payment method collection. LeadBrief AI stores the records needed to honor access and future credits, including the intended $15 in future LeadBrief credits, but it does not store full payment card numbers.
AI use
AI-generated briefs should be treated as research assistance, not final client advice. The product is designed to produce useful structure, assumptions, discovery questions, and recommendations, while leaving human review and final communication decisions with the user.
Data minimization
Users should only submit public business URLs and business context they are allowed to process. The product should not be used for private portals, credentials, regulated sensitive data, confidential client files, or information that cannot be shared with hosted AI and infrastructure providers.
Future API and MCP access
Planned API and MCP access should use scoped keys, workspace boundaries, rate limits, auditability, and explicit permissions. External systems connected to LeadBrief AI are responsible for how exported brief data is stored, displayed, or shared downstream.