
Security & Compliance

Last updated: March 1, 2026

What Is RansomLeak's Commitment to Security?

Your training data is sensitive. We treat it that way. This page describes exactly how we protect it.

Our stack runs on AWS with encryption at rest and in transit, multi-tenant isolation, network segmentation, least-privilege access controls, and 24/7 monitoring.

What Compliance Certifications Does RansomLeak Hold?

We align with major security frameworks and meet the regulatory requirements our customers need.

NIST Cybersecurity Framework (NIST Framework)

Aligned with NIST Cybersecurity Framework controls across the identify, protect, detect, respond, and recover functions.

Digital Operational Resilience Act (DORA)

Supports EU Digital Operational Resilience Act requirements for operational resilience and ICT risk management.

Network and Information Security Directive 2 (NIS2 Directive)

Implements security measures aligned with the EU Network and Information Security Directive 2 for essential services.

Cloud Security Alliance STAR Level 1 (CSA STAR Level 1)

Cloud Security Alliance STAR Level 1 self-assessment demonstrating cloud security best practices and transparency.

Web Content Accessibility Guidelines 2.1 Level AA (WCAG 2.1 Level AA)

Meets Web Content Accessibility Guidelines 2.1 Level AA, ensuring the platform is accessible to users with disabilities.

General Data Protection Regulation (GDPR) Compliant

Implements the technical and organizational measures required by the EU General Data Protection Regulation for data privacy.

California Consumer Privacy Act (CCPA) Compliant

Supports California Consumer Privacy Act requirements including data access, deletion, and portability rights.

AWS Security Best Practices

Built on AWS infrastructure following the AWS Well-Architected Framework and inheriting AWS certifications including SOC 2 and ISO 27001.

Infrastructure Compliance Features

  • Encryption: AES-256 encryption at rest, TLS 1.2+/1.3 encryption in transit, using AWS-managed encryption keys
  • Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), least-privilege IAM policies
  • Regular Audits: Internal security audits, vulnerability scanning, and continuous dependency monitoring
  • AWS Compliance: Built on AWS infrastructure certified for SOC 2, ISO 27001, FedRAMP, and other standards

How Does RansomLeak Encrypt Data?

Your data is encrypted at every stage:

  • Encryption at Rest: All stored data is encrypted using AES-256 encryption, including your database (RDS PostgreSQL), file storage (Amazon S3), cache (ElastiCache Redis), and application secrets
  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+/1.3 with HTTPS-only enforcement, HSTS with preload (2-year max-age), and in-transit encryption on all internal services including cache replication
  • Key Management: Encryption uses AWS-managed keys (SSE-S3 for object storage, RDS-managed keys for databases) with automatic rotation handled by AWS
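The in-transit policy above is easy to state and easy to misconfigure. As an added example (not RansomLeak's own code), the following Python checker parses a Strict-Transport-Security header and reports where it falls short of the page's stated policy (preload, with a two-year max-age) and of the preload-list eligibility rules (max-age of at least one year, includeSubDomains, preload). The header strings fed to it are constructed for the example.

```python
"""Added example: validate an HSTS header against a stated policy.
Not RansomLeak's code; sample headers below are constructed."""

ONE_YEAR = 365 * 24 * 3600          # minimum max-age for the browser preload list
TWO_YEARS = 2 * ONE_YEAR            # 63072000 seconds, the page's stated max-age


def parse_hsts(header):
    """Split 'max-age=...; includeSubDomains; preload' into a directive map.
    Directive names are case-insensitive per RFC 6797; values keep their case."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def check_hsts(header, required_max_age=TWO_YEARS):
    """Return a list of policy violations; an empty list means the header
    meets the required max-age and is eligible for preload submission."""
    d = parse_hsts(header)
    problems = []
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        max_age = -1
    if max_age < 0:
        problems.append("max-age missing or not a non-negative integer")
    else:
        if max_age < ONE_YEAR:
            problems.append("max-age %d is below the one-year preload minimum" % max_age)
        if max_age < required_max_age:
            problems.append("max-age %d is below the required %d" % (max_age, required_max_age))
    if "includesubdomains" not in d:
        problems.append("includeSubDomains directive missing (required for preload)")
    if "preload" not in d:
        problems.append("preload directive missing")
    return problems


if __name__ == "__main__":
    # Constructed headers: one matching the page's policy, one that does not.
    for hdr in ("max-age=63072000; includeSubDomains; preload",
                "max-age=300"):
        print(repr(hdr), "->", check_hsts(hdr) or "OK")
```

In practice the header is read from a live HTTPS response (for example with `curl -sI`) and every subdomain must itself serve HTTPS before includeSubDomains is safe to deploy; the checker only validates the header text, not the deployment behind it.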

How Does RansomLeak Isolate Tenant Data?

Each customer's data is fully isolated. No organization can access another's data:

  • Schema-Based Separation: Each organization's data is logically isolated using dedicated database schemas
  • Query-Level Filtering: All database queries include mandatory tenant identification
  • Access Control Validation: Application-level security controls prevent cross-tenant data access
  • Audit Trail: All data access is logged with tenant context for complete visibility
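The list above describes the pattern but not what "mandatory tenant identification" looks like in code. As an added example (not RansomLeak's own code), the following Python module shows a data-access layer in which every query must carry a tenant predicate bound from the authenticated session, and every access is written to an audit table with tenant context. It assumes an in-memory SQLite database where a `tenant_id` column stands in for per-tenant schemas; the table names, column names and rows are constructed for the example.

```python
"""Added example: tenant-scoped queries plus a tenant-context audit trail.
Not RansomLeak's code; schema and sample rows are constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE records (
    id INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    body TEXT NOT NULL
);
CREATE TABLE audit_log (
    ts INTEGER DEFAULT (strftime('%s', 'now')),
    tenant_id TEXT NOT NULL,
    actor TEXT NOT NULL,
    action TEXT NOT NULL,
    record_id INTEGER
);
"""

# Constructed sample rows belonging to two different tenants.
SAMPLE_ROWS = [
    (1, "acme", "acme onboarding report"),
    (2, "globex", "globex phishing scores"),
    (3, "acme", "acme quarterly summary"),
]


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


class TenantScopedStore:
    """All reads and writes go through _execute, which refuses SQL that lacks
    a tenant predicate. tenant_id is fixed at construction from the session,
    never taken from request parameters, so a caller cannot widen its scope."""

    def __init__(self, conn, tenant_id, actor):
        self.conn = conn
        self.tenant_id = tenant_id
        self.actor = actor

    def _execute(self, sql, params):
        if "tenant_id = ?" not in sql:
            raise ValueError("refusing query without mandatory tenant filter")
        return self.conn.execute(sql, params)

    def _audit(self, action, record_id):
        self.conn.execute(
            "INSERT INTO audit_log (tenant_id, actor, action, record_id) "
            "VALUES (?, ?, ?, ?)",
            (self.tenant_id, self.actor, action, record_id),
        )

    def get_record(self, record_id):
        # A record owned by another tenant simply does not exist from here.
        row = self._execute(
            "SELECT id, body FROM records WHERE id = ? AND tenant_id = ?",
            (record_id, self.tenant_id),
        ).fetchone()
        self._audit("read", record_id)
        return row

    def list_records(self):
        rows = self._execute(
            "SELECT id, body FROM records WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,),
        ).fetchall()
        self._audit("list", None)
        return rows

    def delete_record(self, record_id):
        cur = self._execute(
            "DELETE FROM records WHERE id = ? AND tenant_id = ?",
            (record_id, self.tenant_id),
        )
        self._audit("delete", record_id)
        return cur.rowcount   # 0 when the row belongs to someone else


def audit_entries(conn, tenant_id):
    """Audit trail for one tenant as (actor, action, record_id), oldest first."""
    return conn.execute(
        "SELECT actor, action, record_id FROM audit_log WHERE tenant_id = ? "
        "ORDER BY rowid",
        (tenant_id,),
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    acme = TenantScopedStore(db, "acme", "alice@acme.example")
    print(acme.list_records())      # only acme's rows
    print(acme.get_record(2))       # globex's row: None, not an error that leaks its existence
    print(audit_entries(db, "acme"))
```

The string check in `_execute` is a deliberately simple guard; in a real code base the same property is usually enforced by a query builder or ORM scope that adds the tenant predicate itself, with the audit write and the data write in one transaction.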

What Network Security Architecture Does RansomLeak Use?

Multiple layers of network security protect the platform:

  • Private Subnet Isolation: All application servers, databases, and caching layers operate within private subnets with no direct internet access
  • Network Segmentation: Amazon VPC creates isolated network environments across multiple availability zones
  • Firewall Configuration: Security groups act as stateful firewalls with least-privilege network access
  • DDoS Protection: AWS Shield Standard provides automatic protection against common DDoS attacks
  • Network Traffic Logging: VPC Flow Logs capture all network traffic for analysis, audit logging, and incident investigation

How Does RansomLeak Handle Access Controls and Identity?

Only the right people and systems can access your data:

  • Least-Privilege Principle: All system components and users operate with the minimum permissions necessary
  • Role-Based Access Control (RBAC): User permissions are assigned based on roles and responsibilities
  • Multi-Factor Authentication (MFA): MFA is available for all users (TOTP and email), mandatory for superadmin access
  • Temporary Credentials: Infrastructure access credentials are temporary and rotate automatically every 6-12 hours
  • Quarterly Access Reviews: Automated per-tenant access reviews with anomaly detection for inactive accounts and excessive privileges
  • SAML Single Sign-On: SAML 2.0 integration with identity providers for enterprise single sign-on
  • SCIM 2.0 Provisioning: Automated user and group provisioning from identity providers such as Entra ID and Okta
  • Account Lockout: Automatic account lockout after 5 failed login attempts with a 15-minute cooldown period
  • Password History: Last 12 passwords tracked per user to prevent password reuse
  • Compromised Password Detection: Passwords are checked against known breaches via the HaveIBeenPwned k-anonymity API
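Three of the controls above have concrete parameters (5 attempts, 15-minute cooldown, 12 remembered passwords, k-anonymity lookup), so they are worth seeing as code. The following is an added example, not RansomLeak's own implementation: it keeps state in memory, takes the clock as a parameter so the lockout can be tested deterministically, stores password history as salted PBKDF2 digests compared in constant time, and performs the HaveIBeenPwned k-anonymity split locally against a constructed range response instead of calling the real API.

```python
"""Added example: account lockout, password history, and breached-password
check. Not RansomLeak's code; the range response below is constructed."""
import hashlib
import hmac
from collections import deque

LOCKOUT_THRESHOLD = 5        # failed attempts before lockout (from the page)
LOCKOUT_SECONDS = 15 * 60    # 15-minute cooldown (from the page)
PASSWORD_HISTORY = 12        # previous passwords remembered (from the page)
KDF_ITERATIONS = 10_000      # kept low for the demo; use far more in production


class LoginGuard:
    """Counts consecutive failures per user and enforces a timed lockout."""

    def __init__(self):
        self._failures = {}      # user -> consecutive failed attempts
        self._locked_until = {}  # user -> unix time when the lock expires

    def is_locked(self, user, now):
        return self._locked_until.get(user, 0) > now

    def record_failure(self, user, now):
        """Record a failed login; returns True if the account is locked."""
        if self.is_locked(user, now):
            return True
        count = self._failures.get(user, 0) + 1
        if count >= LOCKOUT_THRESHOLD:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._failures[user] = 0   # counter restarts after the cooldown
            return True
        self._failures[user] = count
        return False

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


class PasswordHistory:
    """Remembers salted digests of the last PASSWORD_HISTORY passwords."""

    def __init__(self, salt):
        self._salt = salt        # per-user random salt (os.urandom in practice)
        self._hashes = deque(maxlen=PASSWORD_HISTORY)

    def _digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt,
                                   KDF_ITERATIONS)

    def was_used(self, password):
        d = self._digest(password)
        return any(hmac.compare_digest(d, h) for h in self._hashes)

    def set_password(self, password):
        if self.was_used(password):
            raise ValueError("password matches one of the last %d" % PASSWORD_HISTORY)
        self._hashes.append(self._digest(password))


def hibp_split(password):
    """k-anonymity split: only the 5-char SHA-1 prefix leaves the server."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Match the locally kept suffix against the 'suffix:count' lines the
    range endpoint returns for the prefix; 0 means not found in the set."""
    _, suffix = hibp_split(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed stand-in for the reply to prefix 5BAA6; the counts are made up.
SAMPLE_RANGE_RESPONSE = """\
1E2A4F6B1F9D0C1A3B5E7D9F1A3C5E7B9D1:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345
1F0A99D5D2C6C4B3C2A1D0E9F8A7B6C5D4E:1
"""

if __name__ == "__main__":
    print(hibp_split("password"))
    print(breach_count("password", SAMPLE_RANGE_RESPONSE))
```

Because only the prefix is sent, the lookup reveals nothing about which password was checked; the matching against the returned suffixes happens entirely on the server doing the check.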

How Does RansomLeak Monitor and Audit Systems?

We monitor systems around the clock and log every action:

  • Security Event Monitoring: AWS GuardDuty and CloudWatch aggregate, analyze, and correlate security events with automated alerting
  • Continuous Security Monitoring: Our systems continuously monitor for security anomalies and suspicious activities
  • Application Logging: All application activities are logged to Amazon CloudWatch Logs
  • API Auditing: AWS CloudTrail logs all API calls for an immutable record of administrative actions
  • Centralized Security Findings: AWS Security Hub aggregates findings from GuardDuty, Macie, Inspector, and Config into a unified dashboard
  • Configuration Compliance: AWS Config monitors infrastructure with managed rules to detect configuration drift and enforce compliance
  • Data Loss Prevention: AWS Macie performs monthly S3 scans to detect PII and sensitive data exposure

How Does RansomLeak Handle Security Incidents?

We have clear steps for handling security events:

  • Breach Notification: We will notify affected parties within 72 hours of becoming aware of any personal data breach (GDPR Article 33)
  • Incident Detection: Our monitoring systems continuously watch for security anomalies and potential threats
  • Response Procedures: We maintain documented incident response procedures for consistent, effective handling

Security Contact: For security concerns or to report a vulnerability, please contact us at security@ransomleak.com.

What Is RansomLeak's Secure Development Lifecycle?

Security is part of every step in how we build software:

  • Secure SDLC Practices: Security considerations from initial design through deployment and maintenance
  • Code Reviews: Every code change undergoes peer review before being merged
  • Automated Code Quality: CI/CD pipeline enforces linting, strict type checking, and dependency vulnerability scanning on every change
  • Dependency Scanning: All third-party dependencies are automatically scanned for known vulnerabilities

What Service Level Agreements Does RansomLeak Offer?

Our uptime and response time targets:

  • Incident Response SLAs: Critical (1 business day), High (3 business days), Medium (7 business days), Low (14 business days)
  • Uptime Guarantee: We target 99.5% uptime availability with proactive monitoring
  • Zero-Downtime Deployments: Rolling deployments with health checks ensure zero-downtime releases

Frequently Asked Questions

What compliance frameworks does RansomLeak support?

RansomLeak aligns with GDPR, CCPA, NIST, NIS2, DORA, and CSA STAR Level 1. Our infrastructure runs on AWS, which holds its own SOC 2 and ISO 27001 certifications under the shared responsibility model.

Reports map training scores to specific control requirements. Content tracks match each framework so your training covers what auditors expect.

Where is customer data stored?

All data is stored on AWS in the US (us-east-1, N. Virginia) in SOC 2 compliant data centers. Data at rest uses AES-256 across database, file storage, and cache layers with AWS-managed encryption keys; data in transit uses TLS 1.2+/1.3.

Backups run daily with 30-day retention and point-in-time recovery. For data transfer safeguards, see our Privacy Policy and Data Processing Agreement.

How does RansomLeak handle security incidents?

We follow a six-phase response plan: identification, containment, investigation, eradication, recovery, and post-incident review. We notify affected parties within 72 hours of confirming a personal data breach, per GDPR Article 33.

AWS GuardDuty and CloudWatch monitoring flag anomalies for fast review. We run tabletop exercises semi-annually to test our response procedures.

Does RansomLeak conduct regular security audits?

Every code change gets a peer review before merging. We scan third-party dependencies continuously using automated tools with patching SLAs: critical within 24 hours, high within 7 days, medium within 30 days.

Container images are scanned on every push to our registry. A CI/CD quality gate enforces linting, type checking, and dependency audits on every deployment.

How does RansomLeak handle data deletion and retention?

We keep training data for the duration of your subscription. When a tenant account is disabled, a 30-day grace period begins. After 30 days, all tenant data is automatically and permanently deleted: S3 files are purged, the database schema is dropped, and the tenant record is archived. Encrypted backups expire within 30 days of deletion.

Individual users can export their own data at any time via our data portability API (GDPR Article 20). GDPR erasure requests are processed within 30 days. All deletion events are logged and auditable.

Questions?

Questions about our security practices or compliance? Reach out:

RansomLeak Security & Compliance Team

Email: security@ransomleak.com

General Inquiries: info@ransomleak.com