Below are answers to the most frequently asked questions about our security practices.

Confidentiality

Employee access
Customer data is accessible only to those who need it for their work, for example, technical support.

Employee contractual confidentiality
All our staff contracts have clauses on confidentiality.

Access to customer data is logged
Access by our staff to any customer data is logged in detail.

Internal practices

Security & privacy policies
We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data.

Device management
We enforce and implement the following practices on staff workstations and mobile devices:

  • Disk encryption
  • Lock screens
  • Mobile device remote wipe/management
  • Secure networks and firewalls

Security & privacy training
All our staff members receive security and privacy training at on-boarding and on an ongoing basis.

Data Centres

Amazon Web Services
All our servers and data are hosted on Amazon Web Services, USA and Ireland.  
You can read about Amazon’s security features and compliance at:  
https://aws.amazon.com/security/ & https://aws.amazon.com/compliance/

Encryption

Transit
Access to our websites, applications and APIs is always secured with HTTPS.

Any data transferred to and from our integrations is encrypted.  

Where applicable, intra application communication is also encrypted.

At rest
Our databases, logs, caches and other storage where we keep customer data are encrypted at rest.

Technical details

  • At rest, AES-256 encryption is used.
  • Transit in and out of Leadfeeder systems is always HTTPS encrypted (TLS 1.2 – 1.0. RSA with AES128 GCM SHA256)
  • Intra-application transit inside our production network is AES-256 encrypted.

Availability

Monitoring
We implement various mechanisms and are constantly improving monitoring of our networks, servers and applications. We monitor errors, availability, system behaviour, load and other resource usage.  

  • Servers
  • Networks
  • Applications

Backups
We back up our customer data hourly, daily and weekly. We routinely test our recovery mechanisms, and we monitor backup integrity and that backup processes run as expected.

Disaster recovery
Our production infrastructure is built on fault-tolerant systems that ensure that customer data is stored redundantly across multiple data centres (AWS Availability Zones).   

In addition, our production infrastructure provisioning is fully automated. If server instances are lost due to hardware failures or other causes, we can start replacements quickly and safely with automated procedures.

Our technical staff is always on call and will be alerted in cases of failures or warnings in the system.

Production infrastructure

We implement various industry best practices on securing our production infrastructure.

2FA access enforced
Two-factor authentication is required for accessing production resources.

Firewalls
Databases, application instances, caches and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.

Network monitoring of suspicious activity
We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.

Detailed logging
Access to, changes to, and provisioning and decommissioning of any servers or resources are logged in detail.

Product

With Leadfeeder’s privileges and access controls you can manage who can access which data.

User privileges
Users can be configured to have limited access or privileges to make changes to Leadfeeder settings.

Google and Microsoft login
We currently support Google (GSuite) and Microsoft Office 365 federated login methods.
