Security Overview

Keeping Your Data Secured

Overview

Leasecake provides a cloud-based SaaS platform to house, organize, and secure your lease and location information. We respect your privacy and take significant efforts to protect all your data.

Keeping our customers’ data secure is the most important thing that Leasecake does. We go to considerable lengths to ensure that all data sent to Leasecake is handled securely – keeping Leasecake secure is fundamental to our business.

Infrastructure

Highlights

  • All of our services and data are hosted in the cloud by Google Cloud Provider (GCP) facilities in the USA. Google provides an extensive list of compliance and regulatory assurances, see their US Compliance page for more information.
  • Our infrastructure is spread across multiple data centers to protect against failures.
  • Leasecake performs nightly backups of data from hot standby to backup customer data.
  • All data is encrypted at rest and in transit.

Service Levels

We maintain an uptime of 99.95% or higher.
Our infrastructure is hosted by Google and they are bound by a 99.95% uptime SLA.

Data

All customer data is stored in the USA in multi-tenant datastores. We do not have individual datastores for each customer. We maintain strict privacy controls in our application code to ensure data privacy and to prevent one customer from accessing another customer’s data.

We have automated testing in place to ensure these controls work as expected. Additionally, we have an independent penetration test performed yearly that includes testing these controls.

Data Transfer

All data sent to or from Leasecake is encrypted in transit using 256-bit encryption.

Authentication

Leasecake is served 100% over HTTPS.
We have two-factor authentication (2FA) and strong password policies for Google to ensure access to third-party cloud services are protected.

Personnel

  • All employees complete Security and Awareness training annually.
  • Leasecake has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
  • All employee contracts include a confidentiality agreement.
  • Leasecake has plans to perform background checks on all new employees in accordance with local laws starting no later than January of 2022. The background check includes employment verification and criminal checks for US-based employees.

Application Monitoring

  • On an application level, we monitor the backend framework via Scout APM
  • All-access to Leasecake applications is logged and audited.
  • We maintain a formal incident response plan for major events.

Security Audits

We perform an annual OWASP Application Security Verification Standard self certification. Any item that doesn’t pass must go through a remediation process. 

We perform an annual independent penetration test. Any critical item found must be remediatiated immediately and all non-critical items must go through remediation. Post remediation we have a follow up penetration test to ensure we pass without any failures. We will perform additional penetration tests as needed when major updates are made to
the application or infrastructure.

Security Policies and Secure Development (SDLC)

We maintain security policies that are communicated and approved by management to ensure everyone knows their security responsibilities. Our policies are audited annually.

Software development is done through a documented SDLC process. Senior engineers conduct mandatory code reviews for code changes and periodic in-depth security review of architecture and sensitive code. We operate separate environments for development, QA, staging and production.

Annually our engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and other security controls.

Vulnerability Disclosure

Earning and keeping the trust of our customers is our top priority, so we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue that you believe we should know about, we would love to hear from you.

Please reach out to us at [email protected]