Last updated: March 1, 2026

Security at Leadron

Security is foundational to everything we build. We implement enterprise-grade controls to protect your data and maintain compliance with the most demanding regulatory frameworks.

Certifications & Compliance

SOC 2 Type II

Annual audit of security, availability, and confidentiality controls

GDPR

Full compliance with EU General Data Protection Regulation

CCPA

California Consumer Privacy Act compliance

ISO 27001

Information security management system certification

HIPAA

Health Insurance Portability and Accountability Act compliance

Encryption

  • All data encrypted in transit using TLS 1.3 with forward secrecy.
  • Data at rest encrypted with AES-256-GCM across all storage systems.
  • Database-level encryption with customer-managed encryption keys (CMEK) available on Enterprise plans.
  • End-to-end encryption for sensitive fields including PHI, PII, and payment data.
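As an added illustration of how the field-level AES-256-GCM and customer-managed key (CMEK) bullets above fit together, the following Go program shows envelope encryption: each record's sensitive value is sealed under a fresh data-encryption key (DEK), and the DEK is wrapped under a key-encryption key (KEK) that the customer controls. This is example code, not Leadron's implementation; the envelope layout, the AAD scheme (record ID plus column name) and the in-memory KEK are assumptions for the demo, and in a real deployment the KEK would stay inside the customer's KMS or HSM and only the wrap/unwrap calls would cross that boundary.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// newGCM returns an AES-GCM AEAD; a 32-byte key selects AES-256.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key, authenticates aad alongside it, and
// returns nonce || ciphertext || tag. A fresh random 96-bit nonce per call is
// what keeps GCM safe: reusing a nonce under one key breaks confidentiality
// and integrity at once.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

// open reverses seal; it fails if the key, the tag or the aad do not match.
func open(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
}

// EncryptedField is the stored form of one sensitive column value: the
// ciphertext plus the per-record DEK wrapped under the customer's KEK.
type EncryptedField struct {
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptField seals value with a fresh DEK and wraps the DEK under kek. The
// AAD ties the ciphertext to its record and column (an assumed scheme), so a
// blob copied into another row or column fails authentication instead of
// decrypting silently.
func EncryptField(kek []byte, recordID, column string, value []byte) (EncryptedField, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return EncryptedField{}, err
	}
	ct, err := seal(dek, value, []byte(recordID+":"+column))
	if err != nil {
		return EncryptedField{}, err
	}
	wrapped, err := seal(kek, dek, []byte(recordID))
	if err != nil {
		return EncryptedField{}, err
	}
	return EncryptedField{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptField unwraps the DEK with kek, then opens the field ciphertext. If
// the customer revokes or rotates the KEK, the unwrap step fails and the
// plaintext is unrecoverable, which is the property CMEK is meant to give.
func DecryptField(kek []byte, recordID, column string, f EncryptedField) ([]byte, error) {
	dek, err := open(kek, f.WrappedDEK, []byte(recordID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, f.Ciphertext, []byte(recordID+":"+column))
}

func main() {
	kek := make([]byte, 32) // constructed demo KEK; a real one never leaves the customer's KMS/HSM
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	f, err := EncryptField(kek, "patient-42", "ssn", []byte("123-45-6789"))
	if err != nil {
		panic(err)
	}
	fmt.Println("stored ciphertext:", hex.EncodeToString(f.Ciphertext))
	pt, err := DecryptField(kek, "patient-42", "ssn", f)
	fmt.Println("decrypted:", string(pt), err)
}
```

Two checks worth running against any such design: decrypting under a different KEK must fail at the unwrap step, and a ciphertext moved to another record must fail authentication rather than return the other record's plaintext.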

Infrastructure

  • Hosted on SOC 2 Type II certified cloud infrastructure.
  • Multi-region deployment with automatic failover and disaster recovery.
  • Network segmentation with firewalls, intrusion detection, and DDoS protection.
  • Regular penetration testing by independent third-party security firms.
  • Immutable infrastructure with automated security patching.

Access Controls

  • Role-based access control (RBAC) with granular permission management.
  • Multi-factor authentication (MFA) enforcement for all accounts.
  • Single Sign-On (SSO) via SAML 2.0 and OpenID Connect.
  • Session management with configurable timeout policies.
  • IP allowlisting and geo-restriction capabilities.

Monitoring & Detection

  • 24/7 security monitoring with automated anomaly detection.
  • Comprehensive audit logging of all user and system actions.
  • Real-time breach detection and response, in line with the security incident procedures required by HIPAA §164.308(a)(6).
  • Automated alerts for suspicious login patterns and brute-force attempts.
  • Log retention for a minimum of 6 years for compliance requirements.
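As an added illustration of what the brute-force and suspicious-login alerting above can look like in practice, the following Go program replays authentication log lines and raises two kinds of alert over a trailing time window: one source IP hammering one account (classic brute force) and one source IP failing against many distinct accounts (password spraying, which per-account lockout alone misses). This is example code, not Leadron's detection logic; the log lines are constructed, the line format (RFC 3339 time, OK/FAIL, account, source IP) and the thresholds are assumptions chosen for the demo.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed sample log (not real telemetry). Assumed format per line:
// <RFC3339 time> <OK|FAIL> <account> <source IP>
const sampleLog = `2026-03-01T10:00:01Z FAIL alice 203.0.113.7
2026-03-01T10:00:04Z FAIL alice 203.0.113.7
2026-03-01T10:00:09Z FAIL alice 203.0.113.7
2026-03-01T10:00:12Z FAIL alice 203.0.113.7
2026-03-01T10:00:15Z FAIL alice 203.0.113.7
2026-03-01T10:00:20Z OK bob 198.51.100.2
2026-03-01T10:01:00Z FAIL carol 198.51.100.9
2026-03-01T10:01:05Z FAIL dave 198.51.100.9
2026-03-01T10:01:10Z FAIL erin 198.51.100.9
2026-03-01T10:01:15Z FAIL frank 198.51.100.9
2026-03-01T10:01:20Z FAIL grace 198.51.100.9
2026-03-01T10:30:00Z FAIL bob 198.51.100.2
2026-03-01T10:45:00Z FAIL bob 198.51.100.2
2026-03-01T11:00:00Z FAIL bob 198.51.100.2
2026-03-01T11:15:00Z FAIL bob 198.51.100.2
2026-03-01T11:30:00Z FAIL bob 198.51.100.2`

type event struct {
	ts   time.Time
	fail bool
	user string
	ip   string
}

// parseLog parses the assumed line format and returns events in time order.
func parseLog(raw string) ([]event, error) {
	var evs []event
	for n, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: expected 4 fields, got %d", n+1, len(f))
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		evs = append(evs, event{ts: ts, fail: f[1] == "FAIL", user: f[2], ip: f[3]})
	}
	sort.Slice(evs, func(i, j int) bool { return evs[i].ts.Before(evs[j].ts) })
	return evs, nil
}

type Alert struct {
	Kind  string // "bruteforce": one IP vs one account; "spray": one IP vs many accounts
	Key   string // "<ip> <account>" for bruteforce, "<ip>" for spray
	Count int    // failures (bruteforce) or distinct accounts (spray) inside the window
}

// Detect keeps, per source IP, only the failures inside the trailing window,
// so state is bounded by the window rather than by log size. Each alert key
// fires once; successful logins are ignored by this rule.
func Detect(raw string, window time.Duration, bruteThreshold, sprayThreshold int) ([]Alert, error) {
	evs, err := parseLog(raw)
	if err != nil {
		return nil, err
	}
	recent := map[string][]event{} // source IP -> failures inside the window
	fired := map[string]bool{}
	var alerts []Alert
	for _, e := range evs {
		if !e.fail {
			continue
		}
		win := recent[e.ip]
		for len(win) > 0 && win[0].ts.Before(e.ts.Add(-window)) {
			win = win[1:] // events are time-sorted, so expired ones are a prefix
		}
		win = append(win, e)
		recent[e.ip] = win

		sameUser, users := 0, map[string]bool{}
		for _, x := range win {
			users[x.user] = true
			if x.user == e.user {
				sameUser++
			}
		}
		if k := "b " + e.ip + " " + e.user; sameUser >= bruteThreshold && !fired[k] {
			fired[k] = true
			alerts = append(alerts, Alert{Kind: "bruteforce", Key: e.ip + " " + e.user, Count: sameUser})
		}
		if k := "s " + e.ip; len(users) >= sprayThreshold && !fired[k] {
			fired[k] = true
			alerts = append(alerts, Alert{Kind: "spray", Key: e.ip, Count: len(users)})
		}
	}
	return alerts, nil
}

func main() {
	alerts, err := Detect(sampleLog, 5*time.Minute, 5, 5)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("%-10s %-24s count=%d\n", a.Kind, a.Key, a.Count)
	}
}
```

With a five-minute window the sample yields two alerts (alice's IP, and the spraying IP), while bob's five failures spread over an hour stay below threshold; widening the window to two hours catches that slow pattern as well, which is the trade-off a tuning exercise has to make explicit. In production the interesting follow-on signal is a success from the same IP after a burst of failures, and the response is usually step-up MFA or a temporary block rather than a hard lockout that an attacker can turn into a denial of service against the victim.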

Data Protection

  • Automated data retention policies with configurable archival and deletion schedules.
  • GDPR Data Subject Request (DSR) processing — access, deletion, portability, and rectification.
  • Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs) available.
  • Regular data backup with encrypted, geographically distributed storage.
  • Secure data export and deletion upon contract termination.

Incident Response

  • Documented incident response plan with defined escalation procedures.
  • Personal data breach notification within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • HHS notification without unreasonable delay and no later than 60 days after discovery for HIPAA breaches affecting 500 or more individuals.
  • Post-incident review and remediation tracking.
  • Regular tabletop exercises and incident response drills.

Compliance

  • Annual SOC 2 Type II audit by independent auditors.
  • Regular internal security assessments and risk evaluations per HIPAA §164.308.
  • Vendor security review program for all third-party integrations.
  • Employee security training and background checks.
  • Security policies reviewed and updated annually.

Global Operations

  • Standard Contractual Clauses (SCCs) for international data transfers.
  • Data residency options for EU, US, and APAC regions on Enterprise plans.
  • GDPR-compliant sub-processor management with notification of changes.
  • Privacy-by-design principles embedded in our development lifecycle.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly. We appreciate the security research community and will work with you to address any findings promptly.

security@leadron.io