Security Practices

Effective: April 7, 2017

Thousands of users trust LEANSTACK with their sensitive and confidential business ideas. We take that trust seriously. This page describes our security practices.

Confidentiality

We implement strict controls over employee access to customer data. Staff require documented authorization to view information, and all access is logged through technical controls and audit policies.

Personnel Practices

All employees must read and consent to company policies regarding security, availability, and confidentiality of the LEANSTACK services.

Data Centers and Compliance

LEANSTACK operates on cloud infrastructure that maintains:

• ISO 27001 certification
• SOC 1 and SOC 2/SSAE 16 accreditation
• PCI Level 1 compliance
• FISMA Moderate certification
• Sarbanes-Oxley compliance

Payment Security

LEANSTACK is a PCI Level 4 Merchant and uses Stripe for secure credit card processing.

Data Protection

Encryption: We support HTTPS for all applications and SSL database connections, plus encrypted data at rest.

Single Sign-On: Administrators can integrate with multiple SSO providers.

Infrastructure Reliability

• Fault-tolerant systems with redundant data storage across multiple locations
• Nightly automated backups
• Firewalls, DDoS mitigation, and two-factor authentication for server access

Vulnerability Management

We perform automated scanning, peer-review code audits, and continuous hybrid scanning.

Logging and Monitoring

Centralized logging tracks security events, monitoring, availability, and access metrics.

Contact

For security concerns, contact us at team@leanstack.com.