Security & Compliance
How Leide handles your data — what we control, where it lives, who can touch it. Written to be accurate; nothing here overclaims.
The five questions customers actually ask
- Is our drawing data sent to OpenAI or Anthropic for training?
No. Both providers' API tiers exclude data from training by default. We use those tiers.
- Where is our data stored?
EU regions throughout — Railway EU + Pinecone EU + Cloudflare R2 EU bucket.
- Who can see our drawings?
Only the user who uploaded them, and any team members they explicitly invited. Founders + on-call engineers have admin access for support, gated by an explicit ADMIN_EMAILS allowlist with a fail-closed default.
- Can we delete our data?
Yes. GDPR right-to-erasure honoured within 30 days of email request. Drawings, saved runs, and queries are deleted from primary storage; backups age out within a further 90 days.
- What happens if Leide goes down?
Status page at status.leide.ai (when published) plus an on-call rotation with a 30-minute response target on critical issues. Data is backed up automatically every day; recovery target is within 24h.
Sub-processors
The third-party services Leide depends on. We notify customers by email if any of these change.
| Service | Purpose | Link |
|---|---|---|
| Clerk | Authentication | clerk.com |
| Anthropic | AI inference | anthropic.com |
| OpenAI | Inference + embeddings | openai.com |
| Pinecone | Vector retrieval | pinecone.io |
| Cloudflare R2 | Drawing + backup storage | cloudflare.com |
| Railway | Hosting | railway.app |
| Resend | Email delivery | resend.com |
| Sentry | Error tracking | sentry.io |
| Stripe | Billing | stripe.com |
Control inventory
- Identity: Clerk-managed authentication, optional MFA, per-user data scoping at the SQL layer, fail-closed admin allowlist, CSRF tokens on state-changing requests.
- Network: HTTPS-only, Strict-Transport-Security, Content-Security-Policy (with violation reporting), X-Frame-Options DENY, X-Content-Type-Options nosniff, per-route rate limits.
- Data: Encrypted at rest (R2-managed for files, disk-level for the database), encrypted in transit (TLS), no data sold or shared with third parties, no PII in LLM prompts.
- Monitoring: Sentry error tracking with the production DSN gated, audit log for admin actions, Discord webhook for critical alerts.
- Process: Documented incident response, weekly code review against the staging branch, per-PR review gate.
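The fail-closed admin allowlist mentioned under "Who can see our drawings?" and in the Identity control above, shown as an added illustration (not Leide's own code): an unset, empty or malformed ADMIN_EMAILS denies every admin check instead of granting admin to everyone. Function names and the sample addresses are constructed for the example.

```python
import os
from typing import Mapping, Optional


def parse_admin_allowlist(raw: Optional[str]) -> frozenset[str]:
    """Turn an ADMIN_EMAILS value ("a@x.com, B@X.com") into a normalised set.

    Unset, empty or whitespace-only input yields an empty set, so every
    admin check built on it denies. That empty set is the fail-closed default.
    """
    if raw is None:
        return frozenset()
    entries = (e.strip().lower() for e in raw.split(","))
    # Drop blanks and anything that is not shaped like an address.
    return frozenset(e for e in entries if e and "@" in e)


def is_admin(email: Optional[str], allowlist: frozenset[str]) -> bool:
    """Fail-closed check: True only for an explicit, exact allowlist match."""
    if not allowlist or not email:
        # Explicit early deny: no allowlist configured, or no identity supplied.
        return False
    return email.strip().lower() in allowlist


def is_admin_fail_open(email: Optional[str], raw: Optional[str]) -> bool:
    """Anti-pattern kept for contrast: a missing allowlist grants admin to all.

    Do not use. A deploy that forgets to set ADMIN_EMAILS would give every
    signed-in user the support console.
    """
    if not raw:
        return True
    return email in raw.split(",")


def admin_from_env(email: Optional[str],
                   environ: Mapping[str, str] = os.environ) -> bool:
    """Resolve the allowlist from the environment and run the fail-closed check."""
    return is_admin(email, parse_admin_allowlist(environ.get("ADMIN_EMAILS")))
```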
GDPR rights
Leide is GDPR-compliant for EU residents. We honour the following data-subject rights:
- Access — copy of your data within 30 days of email request.
- Erasure — deleted from primary storage within 30 days; backups age out within a further 90.
- Rectification — corrections via the in-product profile or by email.
- Portability — CSV export of saved runs in-product; full data export on request.
- Object — one-click email unsubscribe.
On the roadmap
We don't yet hold every certification an enterprise customer might want. Here's what's coming, in honest order:
- Independent penetration test (Phase 2)
- SAML / OIDC for enterprise customers (Phase 2)
- Customer-signable Data Processing Addendum (Phase 2)
- SOC 2 Type II audit (Phase 3, when revenue justifies it)
- ISO 27001 (Phase 4)
- Public penetration-test summary cadence (Phase 3)
Contact
Security questions, vulnerability reports, or DPA requests: security@leide.ai. We respond within 24 hours during business hours (CET).