Security Policy

LEAP Legal Software

This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement ("Agreement") or through the use of the LEAP Services. By using the Software, our services, or our website, or by signing an Agreement with LEAP, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Sites or App.

Cloud Infrastructure

The LEAP cloud infrastructure is maintained by the industry leading cloud platform provider, Amazon Web Services ("AWS"), in multiple unmarked facilities within the United States. The terms of agreement AWS service is available here: AWS has achieved a substantial amount of certification and compliance in industry standards, which recognize best practices in Information Security. A full listing of AWS certification and compliance is available here:

Security Controls

LEAP utilizes multiple layers of security controls (software, physical, and process based) to protect our client data. This may include, but is not limited to:

  • Local & Network Firewalls
  • Web Application Firewalls
  • Intrusion Detection & Prevention Systems
  • Multi-vendor Anti-Virus
  • Application White Listing
  • DDoS Throttling Services
  • Access Control Lists
  • Security Patch Management
  • ITIL Framework (release/incident/change)
  • Identity and Access Management
  • Centralized Log Management
  • Symmetric and Asymmetric Encryption systems
  • Two-factor Authentication
  • Secure Code Reviews
  • Separation of Duties
  • Data Loss Prevention
  • Vulnerability Assessment
  • Anomaly Detection
  • Externally Commissioned Penetration Testing
  • Externally Commissioned Audits
  • Remote Monitoring & Alerting

Data Encryption

Each LEAP application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet, against eavesdropping, tampering, and message forgery. Once client data reaches the LEAP cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption. This is done to protect client information in the event the LEAP server is compromised by an authorized party.

Service Availability

LEAP has been designed to be a highly available, active-active solution. LEAP services are split over multiple AWS data centers within the United States. In the event of one data center going offline in a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption. LEAP is not responsible for any delays resulting from AWS server availability.

Backup Policy

LEAP servers are backed up multiple times daily, weekly and monthly.

System Monitoring

LEAP is monitored 24 hours a day, 7 days a week, 365 days a year.

Data Breach Notification

LEAP will notify the Subscriber without undue delay and in writing on becoming aware of any Data Breach in respect to our client’s data. If a vulnerability is identified or data is available publicly outside of the LEAP Software, please contact LEAP immediately via


If you provide to LEAP any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data in accordance with this policy.

Account Access

LEAP employs industry standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. LEAP is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information.

Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any LEAP websites. In order to protect you and your information, LEAP may suspend your use of a website, without notice, pending an investigation, if any breach of security is suspected.

Access to and use of password protected and/or secure area of any Unauthorized access to such areas is prohibited and may lead to criminal prosecution. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section herein.

We may use your information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to service providers which act for us or provide services for us, such as for marketing or for the processing of payments, and as to such service providers their use of Personal Information is subject to our agreements with them and any applicable laws;

(e)to enforce our terms and conditions; (f) to protect our operations or those of any of our affiliates; (g) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (h) to allow us to pursue available remedies or limit the damages that we may sustain.

Privacy Policy

LEAP's Privacy Policy is subject to change and can be accessed at:


LEAP may update this policy periodically. When this policy is modified in a material way the date following this policy will be updated. Changes to this policy are effective when they are posted on our website.

Contacting Us

If you have any questions about this Security Policy, or if you have a complaint, access request or any other issue, please contact us at

Everything you need to run a law firm.

Book your free demonstration today.