This Security Policy governs the processing of data provided by a LEAP client in connection with their LEAP Supply and Support Terms and Conditions (“Agreement”) or through the use of the LEAP services or websites. By using the software, our services, or our website, or by signing an Agreement with LEAP, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our services or websites.
Effective 1st June 2025, LEAP is proud to announce our SOC 2 Type 2 certification via a successful audit completed by AssuranceLab CPAs LLC. SOC 2 represents a high security standard that is globally recognized to demonstrate our commitment to securing our customers' critical information assets.
SOC 2 is considered the gold standard for security compliance for software-as-a-service (SaaS) companies across the globe. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, and confidentiality of customer data.
The SOC 2 Type 2 audit confirmed that our system is designed to keep our clients' sensitive data secure.
The security and confidentiality of our users' data has always been a top priority. This rigorous, independent assessment of our internal security controls serves as validation of our dedication and adherence to the highest standards for security and confidentiality to protect our users' data.
You can find out more about LEAP's Compliance program and request a copy of our SOC 2 report from the LEAP Trust Center
Being a cloud solution, the software and all client data is stored on LEAP Servers, which are built on the Amazon Web Services (AWS) platform.
AWS is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is one of the largest and most successful cloud platform providers in the world.
AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Johnson &Johnson, Moderna, Nasdaq and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
LEAP stores data originating from the EU and the UK in Dublin, Ireland & Frankfurt, Germany; data from Australia and New Zealand in Sydney, Australia; data from the U.S. in North Virginia; and data from Canada in Montreal, Canada. LEAP actively works to take advantage of AWS suite of services, following Information Security industry practices.
LEAP will notify the client without undue delay and in writing on becoming aware of any Data Breach in respect to our client’s data.
If a vulnerability is identified or data is available publicly outside of the LEAP Software, please contact LEAP immediately via email here.
Each LEAP application is accessed via HTTPS using Transport Layer Security (TLS).
Once client data reaches the LEAP cloud infrastructure, all information is then encrypted at rest, using AES-256, encryption.
LEAP has been designed to be a highly available, active-active solution. LEAP services are split over multiple AWS data centers within the AWS region. In the event of one data center going offline in a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption. LEAP is not responsible for any delays resulting from AWS server availability.
Realtime availability status can be found on the LEAP Status pages:
LEAP implements robust security measures to continuously monitor and protect all APIs (Application Programming Interface) to prevent unauthorised and abusive access. This protects against malicious activity such as account takeovers, credential stuffing, content scraping, and denial-of-service attacks.
The LEAP Desktop, LEAP Mobile, LEAP Web, and LEAP Marketplace integrations provide secure access to LEAP APIs and are the only authorized access methods.
To protect the experience for all our users and maintain the security, availability, and integrity of data stored within LEAP, any unauthorized application, integration, program, automation, bot, or manual method will result in the automatic blocking of IP addresses and suspension of user accounts involved in such activity.
LEAP servers are backed up multiple times daily, weekly and monthly.
LEAP is monitored 24 hours a day, 7 days a week, 365 days a year.
If you provide to LEAP any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data.
In order to protect you and your information, LEAP may suspend your use of any LEAP service, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure area without authorised access is prohibited and may lead to criminal prosecution. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at security@leapdev.io.
We may use your information as we believe to be necessary or appropriate:
LEAP employs industry standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. LEAP is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information. Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any LEAP websites.
This statement reflects the security policy of LEAP and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within LEAP. Any questions should be directed to security@leapdev.io.
