Security Standards

At LeakTrace Inc, security is at the core of our operations. We are committed to protecting sensitive information through strict adherence to industry best practices and security frameworks. This Security Standards page outlines the measures we take to safeguard user data — including anchor points such as full name, email, and phone identified in monitored criminal-targeting sources — prevent unauthorised access, and maintain the integrity of our platform as we proactively alert you to protect your personal and financial information.

LeakTrace follows industry-recognised security best practices. Our security policies and controls are designed to ensure a high level of data protection and privacy for all data processed. As part of our ongoing commitment to security, we continuously refine our infrastructure and processes to meet evolving industry requirements.

We employ advanced encryption technologies to protect user data at all times.

• Data at Rest: All stored data — including consent-based identifiers and breach reports — is encrypted using AES-256 encryption.
• Data in Transit: All data transmitted between users and our platform — during outreach, signup, or dashboard access — is secured using TLS 1.3.
• Password Hashing: User credentials are protected with strong cryptographic hashing algorithms (bcrypt) to prevent unauthorised access post-signup.

To minimise risk and prevent unauthorised access, we enforce strict access control mechanisms:

• Multi-Factor Authentication (MFA): Required for administrative access to systems handling anchor points and user data.
• Role-Based Access Controls (RBAC): Ensures users and staff only have access to necessary data — dashboard reports are limited to consented users.
• Session Timeout Policies: Automatically expire inactive sessions to protect post-signup dashboard interactions.

LeakTrace conducts regular security assessments and implements proactive risk management strategies:

• Ongoing Security Audits & Penetration Testing: Identifies and mitigates vulnerabilities in our systems.
• Continuous Monitoring: Detects potential threats and suspicious activity, including unauthorised attempts to access user-submitted data, using our Compliance Audit Trail.
• Incident Response Plan: Addresses security incidents in a timely, structured manner to protect users alerted through our Services.

We adhere to strict data retention policies to enhance security and compliance:

• Data Centre Security: User data — including consent-based identifiers and breach reports — is stored in highly secure environments with industry-standard protections.
• Retention Policies: Breach reports are retained for 24 months after generation, then deleted unless a legal hold applies. Consent and activity logs (Compliance Audit Trail) are retained for 3 years for legal auditing.
• Secure Data Disposal: When no longer needed — including upon user deletion request — data is permanently removed following industry best practices. You may request deletion of your account data at any time by contacting [email protected]. We will permanently remove your data at your request, except where legally required to retain it.
• Evidence Handling: For credibility and audit purposes, we provide verifiable evidence (e.g., anonymised text extracts or logs from the Compliance Audit Trail) post-consent and post-payment. Specific sources are withheld to protect proprietary methods.

LeakTrace has a structured approach to handling security incidents:

• 24/7 Security Monitoring: Detects and responds to threats using proprietary analysis tools verified by human analysts.
• Breach Notification Protocol: In the event of a confirmed security breach impacting your data, affected users will be notified as soon as feasible via email or SMS, per applicable regulatory requirements (PIPEDA, CCPA).
• Mitigation & Containment: Rapid response measures limit exposure and prevent further compromise, protecting pre-identified and consented user data.

While LeakTrace implements robust security measures, users play a role in safeguarding their accounts:

• Use strong, unique passwords and enable Two-Factor Authentication (2FA) where possible to secure your dashboard after signup.
• Be cautious of phishing attempts and suspicious activity — verify outreach emails and SMS from us before acting (see Terms of Service Section 6).
• Regularly review account settings and breach reports for unauthorised access or new detections tied to your anchor points.

For security-related enquiries or to report a potential vulnerability, contact us directly:

• Security: [email protected]
• Support: [email protected]
• Mail: LeakTrace Inc., 1200 Bay Street, Suite 1201, Toronto, ON M5R 2A5, Canada

We may update this Security Standards policy periodically to reflect changes in our security practices or regulatory requirements. Changes will be posted with a "Last Updated" date. Significant updates — such as changes to encryption methods or data retention policies — will be communicated via email to users who have signed up. For pre-signup users, updates will be posted as a notice on our website. We recommend reviewing this page periodically to stay informed.

LeakTrace remains committed to maintaining and evolving its security standards to keep pace with industry advancements and emerging threats.