Enterprise security. US-resident. Audited.
Your lease data stays in the United States, encrypted, isolated, and never used to train AI models.
Security at a Glance
Built for enterprise requirements.
SOC 2 Type II
Independently audited controls for security, availability, and confidentiality. Report available under NDA via our Trust Center.
AES-256 Encryption
All data encrypted at rest using AES-256 or equivalent at the storage layer.
TLS 1.2+
All data in transit protected with TLS 1.2 or higher.
High Availability
Continuous system health monitoring. Specific SLA terms in customer agreements.
US-Based Infrastructure
All infrastructure located in the United States. Your data stays here.
Annual Pen Testing
Third-party penetration testing conducted annually. Findings remediated on a risk-prioritized basis.
Infrastructure
Secure by design.
All infrastructure is located in the United States. Logical tenant separation ensures each customer’s lease data, templates, and configurations are isolated and inaccessible to other customers.
- Hosting: Enterprise cloud infrastructure
- Database: Managed database provider
- Tenancy: Multi-tenant with logical separation
- Deployment: Fully containerized, defined as code (IaC)
Access Control
Controlled access at every level.
SSO, 2FA, role-based permissions, and audit logging. Your team controls who sees what.
Two-Factor Authentication
2FA via authenticator app, available for all user accounts.
Single Sign-On
SSO via SAML and OIDC through your enterprise identity provider.
Role-Based Access Control
Granular user roles ensure team members only access the data and features they need.
Need-to-Know Access
Internal employee access to customer data is strictly limited and granted only when necessary.
Audit Logging
Comprehensive activity logs track all access and changes for compliance and security review.
AI Data Protection
- Your data is not sent to any third-party AI service
- Your data is never used to train models
- All AI prompts and outputs are stored in isolated, company-specific databases
- No cross-tenant data access; your data is only accessible within your organization
- AI processing inherits the same encryption and access controls as all platform data
AI Security
Rule-based first. AI when you choose.
LeasePilot’s core platform is rule-based automation, not AI. AI-powered features are available as an optional, opt-in capability for tasks like clause suggestions and lease analysis.
AI runs on a private model deployment, not a consumer AI service. Your data is not sent to any third party and is never used to train models.
Operational Security
People, processes, policies.
Topic · 01
Employee Security
- Background and reference checks for all employees
- Regular security awareness training
- Code of conduct and confidentiality agreements
- Formal onboarding and offboarding processes
Topic · 02
Vulnerability Management
- Automated scanning and timely patch management
- Critical vulnerabilities prioritized immediately
- Remediation tracking maintained
- Pentest report available upon request via Trust Center
Topic · 03
Incident Response
- Formal incident response policy
- Incident review process implemented
- Affected customers notified promptly per contractual and legal obligations
Topic · 04
Data Retention & Deletion
- Formal data management and retention policy
- Data export available upon contract termination
- Data deletion available upon request
Business Continuity
Highly available.
Lease operations can’t wait. LeasePilot targets high availability with continuous system health monitoring. Specific SLA terms are included in customer agreements.
Our infrastructure is fully containerized and defined as code, enabling rapid recovery and environment provisioning. Disaster recovery plans are formally documented and tested regularly.
- Availability: High availability; SLA in agreements
- Monitoring: Continuous system health monitoring
- Disaster Recovery: Formally documented plan, tested regularly
- Data Recovery: Established recovery process
- Infrastructure: Dockerized / IaC, rapid recovery and provisioning
- RTO / RPO: Available on request
Subprocessors
Vetted partners, named openly.
All subprocessors undergo security review before onboarding and are monitored through a formal vendor management program.
| Subprocessor | Purpose |
|---|---|
| | Cloud infrastructure & hosting |
| | Application hosting |
| | Database hosting |
| | Infrastructure management & security |
| | AI/ML processing |
| | Authentication services |
| | Enterprise SSO |
| | Real-time collaboration |
| | Transactional email |
| | CRM & sales pipeline |
| | Customer support |
| | Customer support |
| | Customer feedback |
| | Product analytics |
| | Session monitoring |
| | Error monitoring |
| | Security & compliance (SOC 2) |
For a complete and up-to-date list of subprocessors, visit our Trust Center.
Need more detail
We make it easy to verify.
SOC 2 report, pentest results, and security documentation are available through our Trust Center. For questionnaires or specific questions, reach out directly.
security@leasepilot.co