Trust & Security at LEAD
At LEAD we are always working to keep your data safe. Hundreds of organizations entrust us with the their data because LEAD was built with a privacy-first philosophy:
☑️ Data Encrypted in Transit
☑️ Data Encrypted at Rest
☑️ Field-level encryption for sensitive data in Database
☑️ Fully encrypted backups taken every 24 hours
☑️ Quarterly review of threat models
☑️ GDPR Compliant
☑️ The EU-U.S. Data Privacy Framework Principles (DPF), EU-U.S. Data Privacy Framework Principles (DPF), and the Swiss-U.S. DPF Certified (DPF is the successor to the former Privacy Shield.)
Within LEAD, we operate around a principle of least privilege in which we only collect data that is strictly necessary for us to offer our service. Because our service operates within Slack and Microsoft Teams, we use their APIs to which provide granularly scoped permission models to ensure we only have access to data that we require to offer our service.
Commitment to EU General Data Protection Regulation (GDPR)
EU/US, UK/US, Swiss/US Privacy Framework Principles (DPF) Certified
LEAD is The EU-U.S. Data Privacy Framework Principles (DPF), EU-U.S. Data Privacy Framework Principles (DPF), and the Swiss-U.S. DPF Certified, which governs the data privacy practices that we adhere to. (DPF is the successor to the former Privacy Shield.)
SOC 2 Compliance
LEAD is currently undergoing a SOC 2 process, and we are putting effort into our practices beyond just the SOC 2 audit.
Commitment to The California Consumer Privacy Act (CCPA)
LEAD is cloud hosted on AWS and spread across multiple availability zones so our services remain online, even during outages. LEAD experienced 100% Uptime in 2021 (as well as 2022, to date).
Please see our Vulnerability Disclosure Program for instructions on how to bring vulnerabilities to our attention, and our security team will contact you shortly.