Security
How we protect client data and platform operations
Disparate LLC takes the security of client data and connected third-party accounts seriously. This page summarizes our approach for due diligence, enterprise reviews, and vendor security assessments.
Encryption
- In transit: All web applications and APIs use TLS (HTTPS) for data in transit between clients and our services.
- At rest: Sensitive credentials such as OAuth tokens for connected social accounts are stored encrypted. Production databases and object storage use provider-managed encryption.
Access controls
- Role-based access within internal tools and production systems.
- Principle of least privilege for engineering and operations staff.
- Client social connections use OAuth — we do not store client passwords for Facebook or Instagram.
- Multi-tenant workspaces isolate client projects and publishing credentials in LeadsCloud AI Studio.
Infrastructure
Our products run on established cloud providers (including Vercel for marketing sites and cloud-hosted APIs). We monitor production services and apply security updates to dependencies on a regular cadence.
Incident response
If we identify a security incident that affects client data, we will:
- Contain and investigate the issue promptly.
- Remediate root causes and document lessons learned.
- Notify affected clients when required by law or contract, with clear guidance on any actions they should take.
Report a security concern
Contact our security team for vulnerability reports or due diligence questionnaires.
Related policies
Quick access to our trust, legal, and compliance pages.
How we collect, use, and protect personal and Platform Data.
Terms governing use of disparate.ai and corporate services.
How to disconnect accounts and request deletion.
B2B services, Platform Data use, and LeadsCloud AI Studio for business clients.