Security information

Leda encrypts data at rest and at transit for all of our partners and users. We use tools like Amazon Web Service's Key Management System (KMS) to manage encryption keys and strict access control and monitoring in line with industry best practices. All employees have multi-factor authentication, screen locks, antivirus software, and hard disk encryption enabled on company devices with access to secure data.

Leda regularly engages security experts for third-party penetration tests and security audits. Our penetration testers evaluate the source code, the running application, and the deployed environment. Leda also uses high-quality static analysis tooling provided by Snyk to secure our product at every step of the development process.

Leda uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including KMS. In addition, we deploy our applications using Serverless and AWS-managed services, meaning we typically do not manage servers or EC2 instances in production.

To access your account information, you must provide a unique email address and a password to log in. Your password is not  displayed when entered (i.e., the password does not appear in clear text on your screen when you enter it).

Firewalls and monitoring systems are used to help protect Leda systems and proprietary networks from any unauthorized Internet traffic.

Leda is currently working with Vanta to become HIPAA and SOC2 audit ready.