Your data. Your control.
We take security seriously. Here is how we protect your information.
256-bit encryption
TLS 1.3 for data in transit. AES-256 encryption for data at rest. Your data is protected at every layer.
Multi-tenant isolation
Row-level security policies enforce strict data boundaries. Every query filters by organization_id. Your data never leaks to another account.
GDPR compliant
Data export, right to erasure, and privacy by design. We follow GDPR data protection principles for all users.
Full audit trail
Every action is logged with timestamp, user, and details. Compliance-ready audit trail on the Business plan.
Zero Data Retention on AI
AI features (email drafts, smart replies, summaries) route through a third-party inference provider under a Zero Data Retention agreement enforced on every request. Prompts and completions are never logged, never used to train models, and never reviewed by humans. Downstream model providers operate under the same no-retention terms.
OAuth tokens encrypted
Access and refresh tokens for Google and other connected services are encrypted with AES-256-GCM at rest using a per-record IV and authentication tag. Tokens never leave the server-side integration pipeline and are immediately invalidated on disconnect.
Data handling
Storage
Your data is stored on encrypted servers in the United States. Infrastructure is hosted on major cloud providers operating under their own industry-standard security certifications and data processing agreements.
Backups
Daily automated backups with point-in-time recovery. Backups are encrypted and stored in a separate geographic region.
Data retention
30-day retention period after account deletion. You can export all your data (contacts, companies, deals, activities) as CSV before closing your account.
Compliance
GDPR
We follow GDPR data protection principles. You can request data export, data deletion, and data portability from your account settings. Our privacy policy details how we process and protect personal data.
Data processing
We process data only as needed to provide the service. We do not sell your data to third parties. Third-party sub-processors are vetted and bound by data processing agreements.
Responsible disclosure
Found a security vulnerability? We appreciate responsible disclosure. Please review our security policy before reporting.
View security.txt
Questions about security?
We are happy to answer any questions about how we protect your data.