Security & Compliance Policy

Your data security is our top priority. Learn about our comprehensive security measures, data protection practices, and compliance with industry standards.

Data Protection & Privacy

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR) and ensure that all personal data is processed lawfully, fairly, and transparently.

  • Right to Access: Users can request access to their personal data at any time.
  • Right to Rectification: Users can request correction of inaccurate personal data.
  • Right to Erasure: Users can request deletion of their personal data.
  • Data Portability: Users can export their data in a machine-readable format.

Data Processing Principles

  • Lawful Basis: All data processing has a clear legal basis.
  • Purpose Limitation: Data is only collected for specified, explicit purposes.
  • Data Minimization: We only collect data that is necessary for our services.
  • Storage Limitation: Data is not kept longer than necessary.

Security Measures

Data Encryption

  • AES-256 Encryption: All data is encrypted at rest using industry-standard AES-256 encryption.
  • TLS 1.3: All data in transit is protected with TLS 1.3 encryption.
  • SHA-256 Hashing: Passwords and sensitive data are hashed using SHA-256.
  • Key Management: Encryption keys are managed securely and rotated regularly.

Infrastructure Security

  • Cloud Security: We use AWS with enterprise-grade security measures.
  • Network Security: Firewalls, DDoS protection, and intrusion detection systems.
  • Access Control: Multi-factor authentication and role-based access control.
  • Monitoring: 24/7 security monitoring and alerting systems.

Payment Security

PCI DSS Compliance

We maintain PCI DSS (Payment Card Industry Data Security Standard) compliance to ensure secure payment processing.

  • Secure Payment Processing: All payments are processed through PCI DSS compliant payment gateways.
  • No Card Data Storage: We never store credit card information on our servers.
  • Tokenization: Payment tokens are used instead of actual card data.
  • Regular Audits: Annual PCI DSS compliance audits and assessments.

Privacy Controls

User Privacy Features

  • Privacy Dashboard: Users can view and manage their privacy settings.
  • Data Export: Users can export their data in JSON or CSV format.
  • Account Deletion: Users can permanently delete their account and all associated data.
  • Cookie Management: Transparent cookie usage with user control options.

Compliance & Certifications

Industry Standards

  • ISO 27001: Information Security Management System certification.
  • SOC 2 Type II: Service Organization Control 2 compliance.
  • GDPR: Full compliance with European data protection regulations.
  • CCPA: California Consumer Privacy Act compliance.

Incident Response

Security Incident Management

  • 24/7 Monitoring: Continuous security monitoring and threat detection.
  • Incident Response Plan: Documented procedures for handling security incidents.
  • User Notification: Prompt notification of users in case of data breaches.
  • Regulatory Reporting: Compliance with mandatory breach reporting requirements.

Questions About Security?

Our security team is available to answer any questions about our security measures and compliance practices.

Email: security@leasense.com

Response Time: Within 24 hours