Security at Leadity
Effective: May 10, 2026.
Protecting your data and your customers' data is our highest priority. This page describes the security practices we've implemented across the Leadity platform.
1. Technical Safeguards
- Encryption in transit. All data transmitted between your browser and our servers uses TLS 1.2+ (HTTPS). We enforce HTTPS across all domains.
- Encryption at rest. Stored data — including conversation metadata and account information — is encrypted at rest using AES-256.
- OAuth only. We connect to Instagram, TikTok, and X via official OAuth flows. We never ask for or store your social media passwords.
- PCI DSS payments. Payments are handled by Stripe. We never store full card numbers, CVV, or sensitive payment data on our servers.
- Access controls. Role-based access controls and the principle of least privilege are applied across all internal systems and team access.
- Monitoring. We run 24/7 infrastructure monitoring with automated alerts for anomalous access patterns, errors, or performance degradation.
2. Data Minimization
We only collect and retain data that is necessary to deliver the service. Full details are in our Privacy Policy.
3. Incident Response
In the event of a security incident affecting personal data, we follow a defined incident response procedure:
- Immediate containment and investigation upon detection.
- Notification to affected users as soon as practically possible.
- Notification to relevant data protection authorities within legally required timeframes (72 hours under GDPR where applicable).
- Post-incident review and remediation.
4. Third-Party Security
We work with vetted infrastructure providers including cloud hosting, payments (Stripe), and email delivery. All processors are bound by data processing agreements with appropriate security requirements.
5. Responsible Disclosure
Found a security vulnerability in the Leadity platform? Please report it responsibly to legal@leadity.io with a description of the vulnerability, steps to reproduce, and potential impact. We commit to acknowledging your report within 48 hours and working toward a fix promptly. We ask that you give us reasonable time to remediate before any public disclosure.
6. Contact
For any security-related questions, contact us at legal@leadity.io.