We understand that privacy and security are essential to fulfilling our obligation to provide you with the best service possible. This begins with trust and peace of mind. We've gone above and beyond to implement industry-exceeding security standards and are guided by recognized cybersecurity experts that are part of our Advisory Board.
Data in Transit - All data transferred between the user’s browser and leafplanner’s servers is encrypted in transit using TLS.
Data at Rest - Data is encrypted at rest in AWS using AES-256 key encryption. We further protect client data by utilizing ShardSecure's Microshard™ service.
Data Center Security
Data Center Provider - leafplanner uses Amazon Web Services (AWS) to host its production servers, databases, and supporting services.
Multi-Region - leafplanner uses a multi-region setup for its infrastructure. With one AWS region as a primary and another AWS region as a backup.
Access Controls - Access to leafplanner's systems is limited based on employee roles and responsibilities. The principle of least privilege is enforced (PoLP).
Testing and Review - All changes to our application are subject to peer review and testing before being merged or released.
Separate Environments - leafplanner maintains segregated development, staging, and production environments.
MFA - MFA or 2FA (Two-Factor Authentication) is available and recommended for all leafplanner users. We strongly recommend enabling two-factor authentication for your account and requiring it for additional users.
Industry Exceeding Strong Password Protection - Passwords must be a minimum length of 12 characters. Passwords must combine letters, numbers, and special characters, including lower- and upper-case characters.
Permission-Based Access - Control what additional users on your account have access to.
Activity Monitoring - A detailed activity log is visible within every leafplanner account that records session information, including; who accessed, what was accessed, and any changes made.
Background Checks - All potential employees are subject to a background check before hiring.