We are committed to providing our customers with highly secure and reliable services. Therefore, we developed a security model and controls designed to maintain the confidentiality of customer information while simultaneously ensuring a high level of access to that information.
We base our security model and controls on proven, best-in-class tools, technologies, practices, and procedures.
SOC 2 Practices and Processes
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. Here’s how we address those principles at Leasecake:
Security: The system is protected from unauthorized physical and logical access. Leasecake customers can use two-factor authentication in addition to encrypted credentials, providing an additional security layer. Data in transit and at rest is always encrypted.
Availability: The system is available for use as agreed in our Terms of Service. We use best-in-class cloud hosting with a minimum of 99.99% uptime. Production instances have hot failovers with load balancing to ensure high availability.
Processing Integrity: System processing is complete, accurate, timely, and authorized. Our change control process runs source code through unit testing, automated QA testing, and manual QA testing to ensure all Leasecake data is accurate.
Confidentiality: Information designated as confidential is protected as committed or agreed. Our data storage model segregates data and enforces access control as established by the customer.
Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and the criteria set forth in Generally Accepted Privacy Principles (GAPP).
While the SOC 2 compliance outlined above addresses physical and logical security for data, PCI compliance ensures that an organization follows security standards for protecting customer payment data. Leasecake processes transactions exclusively with audited payment processors that are PCI Level 1 compliant.
For additional security and oversight, we engage an independent third party for penetration testing. A penetration test, or pen test, is an attempt to penetrate the security of our application and infrastructure. In short, testers (known as ethical hackers) try to exploit vulnerabilities and find potential entry points into our system. The goal is to proactively identify security weaknesses before someone else does.
If you have questions about Leasecake’s security model and controls, please contact us at security@Leasecake.com.