Legal
Data Security
Last updated: 2025
Controls
- HTTPS across the public site and secure application.
- Encryption in transit and encryption at rest.
- Field-level encryption for sensitive identifiers.
- Role-based access and least-privilege principles.
- Multi-factor authentication for administrators.
- Audit logging for sensitive actions.
- Session expiration and secure deletion practices.
What public lead forms do not collect
Public lead forms do not collect Social Security numbers, full bank-account details, driver's-license images, detailed health information, or identity documents. Sensitive information is collected only through a separate secure application process.
What we never put into
Sensitive financial or identity data is never placed into emails, URLs, analytics, session replay, CRM notes, or public file links.
Reporting
To report a security concern, email info@revenuereturned.com.
