
That's an interesting point of view. I didn't really put much thought into security, because nothing in this app contains secure information really (besides perhaps the password to log in).

It wasn't so much a matter of your security being an option, but rather a matter of the intended customer type. For instance, the only information that could realistically be considered to need security in this app is the specific leads you generate/contact. However, the only companies I've ever worked for or with that consider their leads to be top-secret are large corporations. Hence, the reason the subscription level that includes enhanced security is the "Corporate" account.

But I can see your side as well.




> the only information that could realistically be considered to need security in this app is the specific leads you generate/contact

How about payment information? Should I expect an unencrypted form submission when I hand over my credit card details? My password gets submitted as plain text and emailed back, will my credit card number be handled the same? From ten seconds on the landing page, and looking at the insecure signup form, I can't tell - and that's probably not what you want your potential customers to be worried about.

I'm not trying to be negative, and from the looks of it I don't think you can actually provide a credit card anywhere on your site yet so you still have time to sort it out, but please give some serious thought to basic security before you start asking people to send you their credit cards.


HECK NO! Anyone who allows payment information to be transmitted unencrypted should be prosecuted and fined at the very least.

That's not really part of the functionality of the service, though, so I was assuming that wasn't the security you were referring to... the actual payment method has nothing to do with the level of subscription.

I don't have anywhere for you to enter credit card info at the moment, because I haven't actually hooked up the merchant account yet. I see no need to spend $50/mo on something (merchant account for LeadNuke) unless it's pulling in more than $50/mo (that's the lean mantra at its finest). However, after this post, it looks like I'll have to get that part operational.

I know you're not trying to be negative, it's certainly a big deal. Web dev (including security) is what I do for a living, so no worries.



