Privacy Policy

LeapFILE requires customers who register to use the service to provide contact information and billing information. All information collected by LeapFile is confidential



LeapFILE may use the information to contact customers to further discuss customer interest in LeapFile and to send information regarding our company or partners. Customer email addresses will not be distributed or shared. Customers can at any time opt of out being contacted by or, or receiving such information from us, at any time by sending and email to optout@leapfile.com.


Because the Service is a hosted, online application, LeapFILE occasionally may need to notify all users of the Service (whether or not they have opted out as described above) of important announcements regarding the operation of the Service. In order to deliver the Service to you, we may collect the following types of information:.

1. Cookies or tokens
When you use LeapFile, we send a small file containing a string of characters to your computer or other device that uniquely identifies your browser. This is called a “cookie” when you are visiting a website such as leapfile.com. This is called a “token” when accessing a service at the desktop or mobile device. We use cookies and tokens to improve the quality of our service, including for storing user preferences. You can choose to disable all cookies or tokens, but LeapFILE may not function properly if you disable them.

2. Log information
When you access LeapFILE, our servers automatically record information such as your web request, Internet Protocol address, browser type, and the date and time of your request.


California Privacy Notice

Under the California Consumer Privacy Act of 2018 (the "CCPA"), California residents are granted the following rights related to their personal information.


1. Right to know:
California residents have the right to request that we disclose what personal information is collected, used, shared or sold by us.

2. Right to delete:
California residents have the right to request that we, and our service providers, delete the personal information we have on you.

3. Right to opt-out:
California residents have the right to direct us to cease the sale of their personal information, in the event we "sell" personal information as that term is defined by the CCPA.

4. Right to non-discrimination:
We may not discriminate against California residents in terms of price or service when they exercise their privacy rights under the CCPA.


HIPAA Compliance

All PHI ("Protected Health Information") data stored in LeapFile is secured in accordance with HIPAA ("Health Insurance Portability and Accountability Act of 1996"). LeapFile will also sign Business Associate Agreements (BAAs) with all clients who plan to store PHI in the cloud.


Security At-A-Glance

LeapFILE implements several layers of security to ensure confidentiality during the file transfer process. Each layer of protection reinforces other layers to create a comprehensive security net that protects data, authenticates users, enforces granular access to information, and automatically produces a detailed audit trail of changes in file custody. Data is always encrypted, end-to-end.

Key HIPAA requirements

LeapFile ensures HIPAA compliance through several important features:

1. Data encryption (both in transit and at rest).

2. Restricted physical access to production servers.

3. Strict logical system access controls.

4. Reporting and audit trail of account activities (on both users and content).

5. Training of employees on security policies and controls.

6. Highly restricted employee access to customer data files.

While Healthcare organizations can trust LeapFILE to protect sensitive patient information and maintain HIPAA compliance, they are responsible for configuring LeapFile in a HIPAA-compliant manner and for enforcing organizational policies to meet HIPAA requirements.




GDPR Compliance

The GDPR ("General Data Protection Regulation") is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It came into effect on May 25, 2018. LeapFILE meets all the requirements of the GDPR. LeapFILE’s European servers are in a datacenter accredited to certification for ISO 27001. LeapFILE is also compliant with widely-accepted security and privacy standards and regulations, such as SOC 2 and HIPAA. LeapFILE is committed to helping customers become GDPR-compliant!


Security At-A-Glance

LeapFILE implements several layers of security to ensure confidentiality during the file transfer process. Each layer of protection reinforces other layers to create a comprehensive security net that protects data, authenticates users, enforces granular access to information, and automatically produces a detailed audit trail of changes in file custody. Data is always encrypted, end-to-end.

Key GDPR requirements

The GDPR requires organizations to provide more information about the way individuals’ information is used. LeapFILE gives you full control of your access controls that allow administrators to grant, disable or delete user access through the administrator panel. LeapFILE also allows administrators to have full visibility into how information is exchanged with detailed audit logs.


Information Transparency

The GDPR requires organizations to provide more information about the way individuals’ information is used. LeapFILE gives you full control of your access controls that allow administrators to grant, disable or delete user access through the administrator panel. LeapFILE also allows administrators to have full visibility into how information is exchanged with detailed audit logs.


Data Residency

Under the GDPR, “Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.” For customers who wish to enhance their compliance story, LeapFILE offers the option to use European-based infrastructure to satisfy this need. European servers are in a datacenter accredited to certification to ISO 27001.


Data Protection Addendum ("DPA")

To help meet compliance with the GDPR, a Data Processing Addendum is available for all customers. Once signed, customers can provide the DPA to auditors to show that they use LeapFILE in a way that lets them demonstrate their data is being processed in a way that meets their GDPR compliance obligation.


Questions or Additional Information:

If you have questions regarding this Agreement or wish to obtain additional information, please send an e-mail to info@LeapFILE.com.