Leads Lawyers Leads Lawyers Legal referral platform
Legal documents

Security Policy

Last updated: May 23, 2026 · Version 1.0

The security of your information is a priority for Leads Lawyers. This page describes the technical and organizational controls we apply to protect the data you entrust to us when using our forms and services.

🔒
Encryption in transit All communication with our site uses TLS 1.2 or higher (HTTPS).
🛡️
Limited access Only authorized staff and the assigned attorney access your information.
🗑️
No financial data stored We do not store credit cards, SSNs, or identity documents.
⏱️
Limited retention Inactive data is deleted or anonymized within 24 months.

1. Encryption and secure transmission

All communication between your browser and Leads Lawyers servers is encrypted using TLS (Transport Layer Security) version 1.2 or higher. The site operates exclusively over HTTPS. We do not transmit personal data over unencrypted channels.

Sensitive case data (urgency level, case history, payment intent) stored in our databases is additionally encrypted at the application level.

2. Access control

We apply the principle of least privilege: each team member only accesses the information necessary for their role. Access logs are periodically audited. The attorney assigned to your case receives only the data necessary to contact you and assess your situation.

3. What we do NOT store

Leads Lawyers does NOT collect through its public forms:

  • Social Security Numbers (SSN) or equivalent.
  • Credit card, debit card, or bank account information.
  • Copies of identity documents (passport, visa, driver's license).
  • Health information or biometric data.

If you need to share these types of documents, do so directly with the attorney once the professional relationship is established.

4. Application security controls

Our platform implements industry-standard technical defenses, including:

  • CSRF tokens on all forms to prevent unauthorized submissions.
  • Input sanitization to prevent code injection (XSS, SQL injection).
  • Rate limiting on sensitive endpoints.
  • Audit logs of operations on personal data.

5. Infrastructure providers

We operate on cloud infrastructure from providers that maintain recognized security certifications. All providers with access to personal data are subject to contractual agreements prohibiting them from using your information for their own purposes.

6. Incident response

In the event of a security breach affecting personal data, we commit to:

  • Investigating and containing the incident as quickly as possible.
  • Notifying affected users by email within a reasonable timeframe when required by law or when the risk warrants it.
  • Implementing corrective measures to prevent recurrence.

7. Your role in security

Security is a shared responsibility. We recommend:

  • Do not share your consultation tracking code with third parties.
  • Use secure connections (avoid public Wi-Fi) when completing forms with sensitive information.
  • Verify the site URL begins with https:// before entering any data.

8. Reporting a security issue

If you discover a vulnerability or have concerns about the security of your data, please contact us immediately. We commit to acknowledging your report within 48 hours and investigating responsibly.

Leads Lawyers — Security Team

Email: security@leadslawyers.com

Suggested subject: "Security Report"

We will not pursue legal action against researchers acting in good faith.