Leagle hosts all its Service Data in Stockholm AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn about Compliance at AWS. AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn about Data Center Controls at AWS.
Our network is protected through the use of key AWS security services, integration with our Cloudflare protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.
Our network security architecture consists of multiple layers of security. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones aligned with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet and our internal networks, and internally between the different zones of trust. A DMZ network provides a buffer between the Internet and our platform's private network. The DMZ is isolated by a security gateway (firewall).
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
In addition to our extensive internal scanning and testing program, each year we will employ a third-party security expert to perform a broad penetration test across the Leagle production network and application.
Our Security Event Management system, Cloudflare, gathers extensive logs from important network devices and host systems. It alerts on certain triggers, notifying our team of correlated events that warrant investigation or a response.
We use BankID login as our first choice for all users on the Leagle platform. For law firms, we also use Roaring.io for direct, secure company identification, which is then authenticated through a personal hard-coded BankID login.
Leagle users who do not have access to BankID login must log in through two-factor authentication (2FA) using a one-time password (OTP) sent via SMS. Users must also verify their email account upon login.
Leagle also follows secure credential storage best practices by never storing passwords in human-readable format; passwords are stored only as the result of a secure, salted, one-way hash.