Your security at Leadfeeder is our top priority. Bellow are some common questions and concerns. If you have an additional question we are always updating our Help Center support@leadfeeder.com

Confidentiality

Employee access
Customer data is only accessible by those who need to access it for their work, for example, Technical support.

Employee contractual confidentiality
All our staff contracts have clauses on confidentiality.

Access to customer data is logged
Access by our staff to any customer data is logged in detail.

Internal practices

Security & privacy policies
We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data.

Device management
We enforce and implement the following practices on staff workstations and mobile devices

Disk encryption
Lock screens
Mobile device remove wipe/management
Secure networks and firewalls

Security & privacy training
All our staff members receive security and privacy training at on-boarding and on an ongoing basis.

Pentesting
We do continuously pentesting.

Data Centres

Amazon Web Services
All our servers and data are hosted on Amazon Web Services within EU/EEA area.
You can read about Amazon’s security features and compliance from:
https://aws.amazon.com/security/ & https://aws.amazon.com/compliance/

Encryption

Transit
Access to our websites, applications, and APIs is always secured with HTTPS.

Any data transferred to and from our integrations is encrypted.

Where applicable, intra application communication is also encrypted.

At rest
Our databases, logs, caches, and other storage where we keep customer data are encrypted at rest.

Technical details

At rest, AES-256 encryption is used.
Transit in and out of Leadfeeder systems is always HTTPS encrypted (TLS 1.2 – 1.3. RSA with AES128 GCM SHA256)
Intra-application transit, inside our production network, is AES-256 encrypted.

Availability

Monitoring
We implement various mechanisms and are constantly improving the monitoring of our networks, servers, and applications. We monitor errors, availability, system behavior, load, and other resource usage.

Servers
Networks
Applications

Backups
We backup our customer data hourly, daily, and weekly. We routinely test our recovery mechanisms and monitor backup integrity and backup processes run as expected.

Disaster recovery
Our production infrastructure is built on fault-tolerant systems that ensure that customer data is stored redundantly across multiple data centers (AWS Availability Zones).

In addition, our production infrastructure provisioning is fully automated. In case of lost server instances due to hardware failures or others, we can start replacements quickly and safely with automated procedures.

Our technical staff is always on call and will be alerted in cases of failures or warnings in the system.

Production infrastructure

We implement various industry best practices on securing our production infrastructure.

2FA access enforced
Two-factor authentication is required for accessing production resources.

Firewalls
Databases, application instances, caches, and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.

Network monitoring of suspicious activity
We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.

Detailed logging
Access, changes to, provision and decommission of any servers or resources are logged in detail.

Product

With Leadfeeder’s privileges and access controls you can manage who can access and which data.

User privileges
Users can be configured to have limited access or privileges to make changes to Leadfeeder settings.

Google and Microsoft login
We currently support Google (GSuite) and Microsoft Office 365 federated login methods.

When Microsoft Office 365 login is used, Leadfeeder requests only a couple of permissions: openid, email, User.read.