LeagueApps Security Policy
LeagueApps, Inc. has created this security policy ("Security Policy") in order to demonstrate our commitment to safeguarding our customers’ data using commercially reasonable and appropriate security controls for such data that we obtain from you on our mobile sites and applications, (the "Site") and the services, features, content, or applications we offer (collectively with the Site, the "LeagueApps Platform" or "Service").
We reserve the right to change this Security Policy from time to time. Please review this Security Policy frequently to remain informed of LeagueApps information security practices.
Our information security program is designed to assess, educate, protect, detect, and respond to security incidents. It includes controls and procedures from the PCI-DSS standard as well as other industry standards and best practices.
We conduct automated scans of all our production environments, looking for missing patches and vulnerabilities.
We follow alerts issued by various vendors and security groups, especially related to newly found vulnerabilities, also called zero-day vulnerabilities. For example, one such security exploit alerting system we follow is managed by the Department of Homeland Security (https://www.us-cert.gov/).
We maintain anti-virus and anti-malware controls on all our production systems and networks. We review our firewall traffic on an ongoing basis and firewall policies periodically to ensure we only allow legitimate traffic in.
We protect sensitive data in transit with strong encryption and selectively use data at rest encryption, tokenization, and data masking.
Payment Processing Security
In addition to our Data Security, we employ specific controls to maintain the necessary level of security for credit card transaction processing.
LeagueApps is a PCI Level 2 merchant, and must maintain compliance with the PCI DSS standard. We are self certified as a level 2 merchant. The LeagueApps SAQ-A Attestation of Compliance can be found here.
The LeagueApps Platform does not directly process or store credit card data. We rely on our Payment Processing partners, Stripe, Authorize.net and PayPal, to perform the actual handling and secure storage of credit card data, and processing of credit card transactions. Our Payment Processing partners are certified as PCI Level 1 Service Providers and are listed on the VISA CISP website.
More information can be found here:
Our hosting providers, Google Cloud Platform (GCP) and Amazon Web Services (AWS), are PCI compliant and have completed the industry standard SOC 1 and SOC 2 certifications. This includes controls and processes such as multi-factor authentication, role-based access controls (RBAC), highly redundant utilities, and a strict change management processes.
More information can be found at:
Questions regarding this Security Policy or the security-related practices of the Site should be directed by sending an email to firstname.lastname@example.org
Effective Date: This Security Policy is effective as of August 1, 2018.