Security at LeakLoop

Your security is our priority. We implement industry-leading security measures to protect your organization's data.

At a glance: MFA protected; AES-256-GCM encryption; TLS in transit; ISO 27001 inspired; SOC 2 compliant infrastructure.

Data Encryption

All data is encrypted both in transit and at rest using industry-standard encryption protocols.

  • TLS encryption for all data in transit (provider-supported)
  • AES-256-GCM encryption at rest
  • bcrypt password hashing with salt
  • SHA-256 hashing for audit logs
// All sensitive data is encrypted
const encryption = {
  algorithm: "AES-256-GCM",
  keyLength: 256,
  transit: "TLS (provider-supported)",
  passwords: "bcrypt (cost 10+)"
};

Access Control

Strict access controls ensure your data is only accessible to authorized users within your organization.

  • Multi-Factor Authentication (MFA) - TOTP authenticator apps
  • Trusted device management - 30-day device remembrance
  • Row-Level Security at the database level
  • Organization isolation - no cross-tenant access
  • Session management with secure cookies
  • API authentication on every request
-- Row-Level Security ensures
-- data isolation per organization

CREATE POLICY "org_isolation"
  ON employees
  FOR ALL
  USING (
    organization_id IN (
      SELECT organization_id
      FROM users
      WHERE id = auth.uid()
    )
  );
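The policy above only takes effect once row-level security is switched on for the table, and its subquery runs as the calling user, so `users` needs a self-read policy if it is itself protected by RLS. The following migration and verification query are an added example, not LeakLoop's own code; it assumes the Supabase/Postgres schema implied by the policy above (`employees.organization_id`, `users.id` matching `auth.uid()`, `users.organization_id`) and the `org_isolation` policy already created.

```sql
-- Added example (assumed schema: employees(organization_id), users(id, organization_id)).
-- 1. A policy is inert until RLS is enabled. FORCE applies it to the table owner
--    too, so an app connecting as the owner is not silently exempt.
ALTER TABLE employees ENABLE ROW LEVEL SECURITY;
ALTER TABLE employees FORCE ROW LEVEL SECURITY;
ALTER TABLE users ENABLE ROW LEVEL SECURITY;
ALTER TABLE users FORCE ROW LEVEL SECURITY;

-- 2. org_isolation's subquery (SELECT organization_id FROM users WHERE id = auth.uid())
--    is evaluated with the caller's privileges. With RLS on users and no policy
--    permitting the caller to read their own row, the subquery returns nothing
--    and every employees row is hidden: it fails closed, but the app breaks.
CREATE POLICY "users_self_read"
  ON users
  FOR SELECT
  USING (id = auth.uid());

-- Note: because org_isolation is FOR ALL with only a USING clause, Postgres
-- reuses that expression as the WITH CHECK for INSERT/UPDATE, so a row cannot
-- be written into another organization either.

-- 3. Verification: every tenant-scoped table in public should report
--    rls_enabled = true and at least one policy; false or 0 is a gap.
SELECT c.relname              AS table_name,
       c.relrowsecurity       AS rls_enabled,
       c.relforcerowsecurity  AS rls_forced,
       count(p.policyname)    AS policies
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p ON p.schemaname = n.nspname AND p.tablename = c.relname
WHERE n.nspname = 'public' AND c.relkind = 'r'
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
ORDER BY c.relname;
```

Running the verification query after each migration is a cheap regression check that a newly added table did not ship without a policy.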

Infrastructure Security

Our infrastructure is hosted on enterprise-grade platforms with comprehensive security certifications.

  • SOC 2 Type II compliant hosting (Vercel)
  • SOC 2 Type II compliant database (Supabase)
  • PCI DSS Level 1 payment processing (Stripe)
  • DDoS protection and edge security
Application Hosting: Vercel (SOC 2)
Database: Supabase (SOC 2)
Payments: Stripe (PCI DSS)
Authentication: Supabase Auth

Compliance

Our security practices align with international standards and regional privacy regulations.

  • ISO 27001 inspired security controls
  • Australian Privacy Principles (APP) compliant
  • GDPR data protection measures
  • OWASP Top 10 vulnerability mitigations
At a glance: ISO 27001 inspired; APP compliant; GDPR ready; OWASP protected.

Additional Security Measures

Multi-Factor Authentication

Optional MFA via TOTP authenticator apps (e.g., Google Authenticator, Authy), with trusted device management and backup recovery codes for account protection.

Rate Limiting

API requests are rate-limited to prevent abuse and ensure service availability for all users.

Input Validation

All user input is validated and sanitized to prevent injection attacks and data corruption.

Audit Logging

Comprehensive audit logs track all security-relevant actions with privacy-preserving hashing.

Security Headers

CSP, HSTS, X-Frame-Options and other headers protect against XSS, clickjacking and MITM attacks.

SSRF Prevention

Webhook URLs are validated against a strict whitelist to prevent server-side request forgery.

Data Minimization

We only collect data necessary for service operation and automatically redact PII from logs.

Report a Security Vulnerability

We take security seriously. If you discover a vulnerability, please report it responsibly. We offer safe harbor for good-faith security research.

We aim to respond to all security reports within 48 hours.