Data Security Policy.
Last updated: April 2026.
Purpose
This policy defines the controls B2B Leo applies to protect the confidentiality, integrity and availability of the business data we process for clients.
Encryption
All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Encryption keys are rotated regularly and managed under strict separation of duties.
Access control
Access is granted on a least-privilege, need-to-know basis. Every account requires multi-factor authentication, and privileged access is logged and reviewed quarterly.
Network and infrastructure
Production environments are isolated, firewalled and continuously monitored. Vulnerability scans and patch cycles run on a defined schedule, with critical fixes prioritized.
Monitoring and logging
Security events are centrally logged, retained and reviewed. Anomaly detection alerts the security team to suspicious activity in near real time.
Incident response
We maintain a documented incident response plan with defined roles, escalation paths and notification timelines. Affected clients are informed without undue delay.
Third parties
Sub-processors are vetted, contractually bound to equivalent controls and reviewed periodically. A current sub-processor list is available on request.
Contact
Report a security concern or request our security documentation at security@b2bleo.com.
Let's build a pipeline you can actually close.
Tell us your ICP, your goals, and one painful bottleneck. We'll come back with a concrete 30-day plan — no pitch deck, no pressure.