Keeping Your Data Secured
Overview
Leasecake provides a cloud-based SaaS platform to house, organize, and secure your lease and location information. We respect your privacy and make significant efforts to protect all your data.
Keeping our customers’ data secure is the most important thing that Leasecake does. We go to considerable lengths to ensure that all data sent to Leasecake is handled securely – keeping Leasecake secure is fundamental to our business.
Infrastructure
Highlights
- All of our services and data are hosted in the cloud by Google Cloud Provider (GCP) facilities in the USA. Google provides an extensive list of compliance and regulatory assurances; see their US Compliance page for more information.
- Our infrastructure is spread across multiple data centers to protect against failures.
- Leasecake performs nightly backups of data from hot standby to back up customer data.
- All data is encrypted at rest and in transit.
Service Levels
We maintain an uptime of 99.95% or higher.
Our infrastructure is hosted by Google and they are bound by a 99.95% uptime SLA.
Data
All customer data is stored in the USA in multi-tenant datastores. We do not have individual datastores for each customer. We maintain strict privacy controls in our application code to ensure data privacy and to prevent one customer from accessing another customer’s data.
We have automated testing in place to ensure these controls work as expected. Additionally, we have an independent penetration test performed yearly that includes testing these controls.
Data Transfer
Authentication
Leasecake is served 100% over HTTPS.
We have two-factor authentication (2FA) and strong password policies for Google to ensure access to third-party cloud services is protected.
Personnel
- All employees complete Security and Awareness training annually.
- Leasecake has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
- All employee contracts include a confidentiality agreement.
- Leasecake has plans to perform background checks on all new employees in accordance with local laws starting no later than January of 2022. The background check includes employment verification and criminal checks for US-based employees.
Application Monitoring
- On an application level, we monitor the backend framework via Scout APM.
- All access to Leasecake applications is logged and audited.
- We maintain a formal incident response plan for major events.
Security Audits
We perform an annual OWASP Application Security Verification Standard self-certification. Any item that doesn’t pass must go through a remediation process.
We perform an annual independent penetration test. Any critical item found must be remediated immediately and all non-critical items must go through remediation. Post remediation we have a follow-up penetration test to ensure we pass without any failures. We will perform additional penetration tests as needed when major updates are made to the application or infrastructure.
Security Policies and Secure Development (SDLC)
Vulnerability Disclosure
Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would love to hear from you.
Please reach out to us at security@Leasecake.com.