We take security seriously here at Leadmonk. Here are some of the enterprise-grade security and privacy controls we use to protect our customers’ data.
PRIVACY AND SECURITY STANDARDS
Our policies, procedures, and technologies enable us to comply with industry-standard requirements.
1. Application security measures
Login credential protection
Leadmonk never collects passwords for Google or Outlook Calendar connections. A secure OAuth connection to sync the calendar only grants Leadmonk access to your calendar account through a secure token from your email provider. This also enables you to set additional security precautions with that provider including 2-factor authentication (2FA).
User provisioning and de-provisioning
Leadmonk offers seamless OAuth (Open Authorization) through Google or Outlook Calendar. The calendar connection is removed automatically when your account is canceled/deleted. Users can also delink connected calendars within the app / Appointment Scheduling Software / Booking Software.
2. Data Hosting
Google Cloud Services
Leadmonk’s physical infrastructure is hosted and managed within Google’s secure data centers. Leadmonk leverages all the platform’s built-in security, privacy and redundancy features.
The Leadmonk application is hosted on firebase using GCP technology. See Firebase’s Privacy and Security.
Data that passes through Leadmonk is encrypted, both in transit and at rest. All connections from the browser to the Leadmonk platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Leadmonk requires HTTPS for all services. Leadmonk uses HSTS to ensure browsers interact with Leadmonk only over HTTPS and is on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
3. Security and Compliance
While we retain a minimal amount of customer data and limit internal access on a need-to-know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data.
All employees and contractors sign a confidentiality agreement before they start at Leadmonk.
Leadmonk continuously scans the product for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and act when an incident has been detected.
New releases to the Leadmonk platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests and end-to-end tests. Changes are run against our continuous integration server, which enables us to automatically detect any issues in development.