Leal

Security

Last updated on 24 Jan 2026

We recognise the importance of excellent security practices. This document aims to clarify how your data is protected.

General security practices

  • Access to servers, source code, and third-party tools are secured with two-factor authentication whenever possible.
  • We use strong, unique, and randomly-generated passwords.
  • Automated security vulnerability detection tools alert us when app dependencies have known security issues. Patches are applied and deployed promptly.
  • Production data never leaves the secure host. I.e. never copied to external devices such as laptops.

Encryption

Heroku manages SSL and uses their Automated Certificate Management (https://devcenter.heroku.com/articles/automated-certificate-management) service. Heroku Postgres is the database store. You can find further information on Heroku’s database implementation and security https://devcenter.heroku.com/articles/heroku-postgres-production-tier-technical-characterization#data-encryption.

What kind of data we collect

When you sign up to Leal, we collect the minimum necessary information to get your account set up:

  • Email
  • Password

Payment information

Premium account upgrades are handled securely by our third-party payment processor, Stripe (https://stripe.com/privacy). Leal does not store sensitive payment details.

Who we share information with

No one. Your personal information is not sold, read, or shared with third-parties. We’re not in the business of selling your data.

Information about how users are interacting with the app is collected using Google Analytics to help improve the product and provide faster, more effective support when issues arise.

See the Privacy Policy for further information.

How do I report a potential vulnerability or security concern?

Please email support@getleal.com if you have any concerns.

Further questions?

Great! Please contact us at support@getleal.com, and we’ll happily update this doc.