Security Certifications

SOC 2 Type II

Certified compliance with security, availability, and confidentiality standards.

SSL/TLS Encryption

All data in transit is encrypted with industry-standard SSL/TLS.

GDPR Compatible

Our data practices comply with GDPR and Indian data protection regulations.

Our Security Measures

Data Encryption

At Rest: All stored data is encrypted using AES-256.

In Transit: Data transmitted between your device and our servers uses TLS 1.2+ encryption.

Encryption keys are managed securely and rotated regularly.

Access Control

Authentication: Secure password requirements, multi-factor authentication available.

Authorization: Role-based access control ensures users only access what they need.

Admin Access: Limited to authorized personnel with audit logging.

Infrastructure Security

Servers: Hosted on secure cloud infrastructure with redundancy and backups.

Firewalls: Enterprise-grade firewalls and intrusion detection systems.

DDoS Protection: Protection against distributed denial-of-service attacks.

Monitoring & Auditing

Security Monitoring: 24/7 monitoring for suspicious activities.

Audit Logs: All system and user activities are logged for audit purposes.

Vulnerability Scans: Regular security assessments and penetration testing.

Incident Response

Response Team: Dedicated security team for rapid incident response.

Communication: Users are notified immediately of any security incidents.

Recovery: Documented procedures for incident investigation and recovery.

Data Backups

Frequency: Automatic backups taken daily with redundant storage.

Testing: Backup restoration is tested regularly to ensure data recoverability.

Disaster Recovery: Backup systems in geographically separate locations.

Compliance & Legal

Indian Data Protection Laws

We comply with:

  • Information Technology Act, 2000
  • Personal Data Protection laws and regulations
  • Reserve Bank of India (RBI) guidelines for payment systems

GDPR Compliance

If you have users in the EU, we comply with GDPR, including:

  • Right to access, correction, and deletion
  • Data portability
  • Privacy by design principles
  • Data Processing Agreements available

Payment Security

Payment processing is PCI DSS Level 1 compliant. We use industry-standard payment providers (Stripe) to securely handle credit card transactions. We never store full credit card details.

Security Reporting

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

Email: security@lead.select

Do not publicly disclose the vulnerability until we have had time to fix it. We appreciate responsible disclosure and will acknowledge your report and update you on our progress.

What We Expect:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information

What You Can Expect:

  • Acknowledgment within 24 hours
  • Regular updates on our progress
  • Public credit once the issue is fixed (optional)

Security FAQ