Exporb Security
Your Data, Protected
How your trade show leads are stored, encrypted, and access-controlled. Built to support your GDPR and CCPA rights. We don't sell your data.
Security at a Glance
Encrypted Everywhere
AES-256 at rest, TLS 1.3 in transit. Your data is protected from the moment it leaves your device.
Built for GDPR rights
Full data export across all 13 tables, account deletion, and transparent data handling.
Row-Level Security
RLS policies on every database table. Users only access their own data, enforced at the database layer.
Role-Based Access
Owner, Admin, and Editor roles. Granular permissions so team members see only what they should.
Data Encryption
AES-256 Encryption at Rest
All stored data, including contacts, voice recordings, photos, and card images, is encrypted using AES-256.
TLS 1.3 in Transit
Every API call, file upload, and data sync uses TLS 1.3 encryption. No data travels unencrypted.
Local Offline Storage
Offline-captured data is stored securely on your device. Synced to encrypted cloud storage when reconnected.
AES-256 + TLS 1.3
Industry-standard encryption at every layer
GDPR Rights Support
Exporb is built to support the data rights GDPR gives you — export, deletion, and a processing agreement on request.
Full Data Export
Export all your data across all 13 database tables. CSV, JSON, and PDF formats available.
Account Deletion
Delete your entire account and all associated data at any time. Permanently removed from our servers.
Data Processing Agreement
DPA available on request for business customers. Email legal@exporb.com.
Access Control
Fine-grained permissions at every level, from database queries to team management.
Role-Based Permissions
Full account control, billing, team management, all data
Team management, all leads and events, export capabilities
Create and edit leads and events, view team dashboard
Database Security
Row-Level Security (RLS) on ALL database tables. Users can only query their own data.
Parameterized queries on all database operations to mitigate SQL injection.
DOMPurify sanitization on user-facing inputs to mitigate XSS.
API Security
Every endpoint is authenticated and validated. No exceptions.
JWT Authentication
All API endpoints require valid JWT tokens. Tokens are short-lived and refreshed automatically.
Stripe Webhook Verification
Stripe webhook signatures are verified on every payment event. Prevents spoofed payment notifications.
Input Validation
DOMPurify sanitization on user-facing inputs. Parameterized queries on all database operations.
AI Cost Analytics
Every AI operation is tracked and metered. Prevents abuse and provides transparent credit usage reporting.
Share Link Security
Exporb lets you share contacts and events via secure links. Every share link has built-in protections.
4-Digit PIN Protection
Every share link requires a PIN to access.
30-Day Auto-Expiry
Links expire automatically after 30 days.
Brute-Force Prevention
Auto-revoke after 10 failed PIN attempts.
Monitoring & Incident Response
Continuous monitoring to detect and respond to issues before they affect your data.
Sentry Error Tracking
Errors are captured, categorized, and alerted in real time so we can resolve issues fast.
AI Cost Analytics
Every AI operation is tracked per user. Prevents abuse and ensures transparent credit usage.
Security Questions
Your Data, Your Control
Encrypted storage, access-controlled, and built to support your GDPR rights. We don't sell your data.