LEADx Data Security Policy

The LEADx platform is a digital learning system for busy, modern-day managers. The goal is to help managers to apply leadership behaviors on the job, in order to increase employee engagement and team effectiveness.

The LEADx app can be used as an iOS app, an Android app, or website. Key functionality of the platform includes behavioral nudges (delivered as app notifications), action plans tied to leadership competencies, micro-learning videos and podcasts, and book summaries.

At LEADx, we know how critical security, privacy and reliability are to our customers and users. We are committed to ensuring that our platform is reliable and secure. Our Company Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality. With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.

Certified Secure Hosting

The LEADx platform is hosted with Digital Ocean with the following certifications:

  • PCI DSS Level 1
  • SOC 2 Type II
  • ISO/IEC 27001:2013 Certification
You can request the certifications here:
Digital Ocean maintains the following layers of security: Perimeter Layer includes fencing, security guards and intrusion detection technology Infrastructure Layer includes backup power generators, climate controls systems and fire suppression Data layer restricts access and privileges and is monitored for threat detection
Data Transit Protection & Encryption Data is transmitted to LEADx via encrypted tunnels. Communication between LEADx clients and our servers is encrypted via industry-standard Secure Sockets Layer (SSL), TLS/SSL.

Backup & Disaster Recovery

LEADx takes daily backups of full client databases All backups are encrypted with AES-256 before being written to the Amazon S3 Cloud Backups are replicated across multiple AWS Regions Seven days of hot backups are stored on the local SAN disk for immediate recovery Disaster recovery tests are performed semi-annually LEADx employees undergo a background check, are security trained, and oriented on privacy related to our systems.

Policy Elements

As part of our operations, we need to obtain and process information. This information includes data that makes a person identifiable such as first and last name, and email address. Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, it will be:

  • Accurate and kept up-to-date
  • Collected fairly and for lawful purposes only
  • Processed by the company within its legal and moral boundaries
  • Protected against any unauthorized or illegal access by internal or external parties

Our data will not be:

  • Communicated informally
  • Stored for more than a specified amount of time
  • Transferred to organizations, states or countries that do not have adequate data protection policies
  • Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)

In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we will:

  • Let people know which of their data is collected
  • Inform people about how we’ll process their data
  • Inform people about who has access to their information
  • Have provisions in cases of lost, corrupted or compromised data
  • Allow people to request that we modify, erase, reduce or correct data contained in our databases

LEADx Compliance with German Bundesdatenschutzgesetz (BDSG)

LEADx would be considered the Data Processor under BDSG. User identifiers provided by the client is typically first name, last name, and email address. The email address is used to send a welcome email with a link and a temporary password. Also relevant to the BDSG:

  • LEADx has a data protection officer (Lucas Carlson)
  • LEADx does not use special categories of data
  • In the pilot-phase of software evaluation, users typically volunteer to participate and freely provide their company email address
  • There are no data transfers or 3rd parties involved

Client Specific Data & Unique Identifiers

The LEADx platform does not use or store any client specific information or data other than employee name and email address, assuming SSO is not activated. This information is used to trigger a unique password. At client's request, additional employee data may be imported, such as 360-survey results or DiSC profiles.

Data Collection List

  • Unique Id
  • Email
  • First Name
  • Last Name
  • Department
  • Hire Date
  • Birth Date
  • Building
  • City
  • State
  • Country
  • Zip
  • Division
  • Team
  • Organization And Group Relationship
  • Encrypted Password
  • Reset Password Token
  • Reset Password Sent At
  • Date Sign In Count
  • Current Sign In At Date
  • Last Sign In At Date
  • Current Sign In IP Address Created At Date
  • Time Zone
  • Role
  • Notify Via Email (Yes/No)
  • Last Emailed At
  • Customized List Of Courses
  • Last App Version
  • Last App Platform
  • What And When User Interacted With
  • Feed Items
  • User Comments Left On Feed
  • User Chatbot Interactions
  • Coaching Goals & Action Plans
  • Progress Of Coaching Goals
  • Which Lessons Have Been Viewed And When
  • How Much Time Has Been Spent Watching Each Video

Date Last Revised: 5/1/2020
Date Established: 5/1/2020
Revision History: