Security
How we protect client data and platform operations
Disparate LLC takes the security of client data and connected third-party accounts seriously. This page summarizes our approach for due diligence, enterprise reviews, and Meta Tech Provider verification.
Encryption
- In transit: All web applications and APIs use TLS (HTTPS) for data in transit between clients and our services.
- At rest: Sensitive credentials such as OAuth tokens for connected social accounts are stored encrypted. Production databases and object storage use provider-managed encryption.
Access controls
- Role-based access within internal tools and production systems.
- Principle of least privilege for engineering and operations staff.
- Client social connections use OAuth — we do not store client passwords for Facebook or Instagram.
- Multi-tenant workspaces isolate client projects and publishing credentials in LeadsCloud AI Studio.
Infrastructure
Our products run on established cloud providers (including Vercel for marketing sites and cloud-hosted APIs). We monitor production services and apply security updates to dependencies on a regular cadence.
Incident response
If we identify a security incident that affects client data, we will:
- Contain and investigate the issue promptly.
- Remediate root causes and document lessons learned.
- Notify affected clients when required by law or contract, with clear guidance on any actions they should take.
Report a security concern
Contact our security team for vulnerability reports or due diligence questionnaires.
Related policies
Quick access to our trust, legal, and compliance pages.