
Security Statement

LeadsOnline ("Leads") maintains administrative, physical and technical safeguards designed to protect the confidentiality, integrity and availability of non-public information, including sensitive personal information and Data.

Independent examination and confirmation

Leads engages a qualified independent firm to examine and confirm that its internal security controls are in accordance with the American Institute of Certified Public Accountants' Trust Services Principles and Criteria for Security and Confidentiality.

The Service Organization Control (SOC) review process confirms Leads' adherence to the AICPA's Trust Principles for Security, meaning the system is protected against unauthorized access (both physical and logical), and for Confidentiality, meaning information designated as confidential is protected as committed or agreed.

The SOC guidelines provide an authoritative benchmark for service organizations such as Leads to demonstrate implementation of proper control procedures and practices.


"Data" means all information provided by Reporting Businesses and Law Enforcement Agencies to Leads via Leads' System about transactions, including (but not limited to) the transaction number, item number, product UPC code, quantity and ingredients, make, model, property description, serial number, name, address, identification number, telephone number, date of birth and any images recorded during the course of a transaction according to official request, statutory requirement or otherwise.

"Law Enforcement Agency" means any agency duly authorized by municipal, state, county or federal government to enforce laws or investigate crimes.

"Law Enforcement Official" means a person employed and authorized by a Law Enforcement Agency to, in their official duties, access Data and/or submit Data for official use by Law Enforcement Agencies.

"Leads' System" is Leads' electronic reporting and criminal investigations system for receiving Data for access by Law Enforcement Officials.

"Reporting Business" shall mean any entity that records Data regarding (a) the receipt or sale of products regulated by law, including but not limited to the Combat Methamphetamine Act of 2005 and (b) the receipt or other disposition of merchandise or materials, and reports such Data for access by Law Enforcement Officials according to official request, statutory requirement or otherwise.

Administrative Safeguards

Terms of use of Leads' System by Reporting Businesses are found here. Terms of use of Leads' System by Law Enforcement Officials are found here.

Leads does not sell, give, transfer or otherwise make Data available to parties other than Law Enforcement Agencies or as otherwise required by law.

Leads' ReportIt inventory system is not an investigations system and is not accessed by Law Enforcement Officers unless the ReportIt user sends personal information to a Law Enforcement Agency.

Leads requires non-disclosure agreements and limits staff access to Data to that which is needed to perform job duties. All Leads personnel submit to criminal background checks performed by appropriate third parties, including law enforcement agencies.

Leads does not perform client support or software development outside of the United States and does not store Data outside of the United States.

In the event of a security breach of personal information as defined by applicable state and federal law for which Leads is responsible, Leads will notify the individuals affected in compliance with applicable federal and state laws.

Technical Safeguards

Leads requires passwords in order to access Leads' System and Data.

Leads provides for 256-Bit Transport Layer Security (TLS) encryption in order to protect the Data against the interception and unauthorized use of information. The actual encryption strength is determined by the level of encryption supported and selected by the user's browser.

Data is secured behind firewalls isolating it from web servers in order to prevent unauthorized electronic access.

Leads uses qualified systems and services in order to identify possible security vulnerabilities.

Physical Safeguards

Data is housed within the United States at data centers that are geographically dispersed and have 1) dual-standard SSAE 16 and ISAE 3402 Service Organization Control (SOC) 1 Type II, SOC 2 Type II, and SOC 3 reports to include operations, policies and procedures, and physical and environmental security controls; 2) PCI and HIPAA compliance reports for physical security and information security policies; 3) registered each year for adherence to the US-EU Safe Harbor Privacy framework; and 4) necessary qualifications to house sensitive data and systems on behalf of Financial, Healthcare and Federal entities requiring the regulatory authority of PCI DSS, HIPAA, FISMA, NIST 800-53 and ITAR standards. Security measures in place 24 x 7 x 365 include on-site security personnel, badge access, biometric authentication, man-trap, and monitored video surveillance inside and outside of the buildings.

In addition, these data centers provide redundancy and a 100% SLA for power, bandwidth, and network services.

User Responsibilities

Users are to safeguard their login credentials and passwords.

Users are responsible for using devices and browsers equipped with modern cryptography capable of connecting via a secure internet connection.

Users are responsible for securing Data accessed from Leads' System.

Law Enforcement Agencies and Reporting Businesses are responsible for promptly notifying Leads when a user is no longer employed by the organization or is otherwise no longer authorized to access Leads' System.

Users are responsible for notifying Leads via email to privacy@leadsonline.com of any condition they believe may represent or result from a security incident or vulnerability, including the possible compromise of a user's password. These reports help us further enhance security.