Security

Your data, your infrastructure, your control.

Enterprise-grade security by default. Free SSL, DDoS protection, isolated tenants, encryption at rest and in transit. The same posture Fortune 500s demand, on every plan.

Encryption

In transit
TLS 1.3 on all customer-facing traffic. Free, auto-renewing SSL via Let's Encrypt.
At rest
AES-256 encryption on all storage volumes. Database backups encrypted with customer-managed keys on Enterprise.
Backups
Encrypted, immutable, geo-redundant. 7 daily, retained 30 days on Enterprise.

Isolation

Tenant compute
Each customer on dedicated vCPU and RAM. No shared memory with other customers.
Tenant storage
Dedicated storage volume per customer. No noisy neighbors on disk I/O.
Tenant network
Network namespace isolation. Per-tenant firewall rules.

Defense

DDoS
Cloudflare DDoS protection (unmetered, L3-L7). Always on.
WAF
Cloudflare Web Application Firewall with managed rulesets. OWASP top 10 covered.
Bot mgmt
Cloudflare Bot Fight Mode on by default. Challenge or block suspicious traffic.

Operations

Patch cadence
Security patches applied within 24 hours of CVE disclosure for high-severity issues.
Monitoring
24/7 infrastructure monitoring. PagerDuty integration for incidents.
Backups
7 daily backups, one-click restore, immutable storage. Tested monthly.
Pen testing
Annual third-party penetration test. Summary available under NDA on Enterprise.

Compliance

GDPR
GDPR-compliant by design. DPA available on request. EU customers can request EU-only data residency.
SOC 2
SOC 2 Type II report available under NDA on Enterprise tier.
PCI-DSS
We don't process card data directly (Stripe handles it), but our infrastructure is PCI-DSS-aligned.
Data residency
US or EU regions available on Enterprise. Other regions on request.

Access

2FA
Required on all Leapjuice customer accounts. TOTP and WebAuthn supported.
SSO
SAML SSO on Enterprise. Google Workspace, Okta, and Auth0 supported.
Audit logs
All account activity logged. Available via API. 90-day retention.
Role-based access
Owner, Admin, Developer, Viewer roles. Per-app and per-environment access.

Need a security review?

We provide security questionnaires, SOC 2 summaries, and architecture diagrams under NDA. Email us — we usually respond within 24 hours.

FAQ

Security questions, answered

SSL, DDoS, encryption, compliance, and how we keep your site safe.

Yes. Every Leapjuice site sits behind Cloudflare’s WAF and DDoS protection, included on every plan. Layer 3, 4, and 7 protection at no extra cost.
Yes, free auto-renewing SSL via Let’s Encrypt on every hostname. No extra fees, no renewal work for you.
On Google Cloud, in the region you choose. Your data is encrypted at rest and in transit. Google handles physical security of the data centers; we handle logical security of your instances.
Yes, and we don’t charge per user. Add as many collaborators to your sites and dashboard as you need.
Our infrastructure is. We run on Google Cloud Platform, which is SOC 2, ISO 27001, and HIPAA-eligible. Leapjuice itself is a small New Hampshire company and operates under the same compliance regime as our cloud provider.