Data Security

Your Data is Protected

Floor plans, client data, and broker information are sensitive. Here is exactly how Leasibility AI protects everything you upload and store.

TLS 1.3 Encryption: Active
AES-256 Data at Rest: Active
Stripe PCI DSS Compliance: Active
HttpOnly Session Cookies: Active
Automated Daily Backups: Active
S3 Server-Side Encryption: Active

Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS). We do not serve any content over unencrypted HTTP.

Data at rest in our database is encrypted using AES-256 encryption managed by our cloud infrastructure provider.

Uploaded floor plans and broker assets (photos, logos) are stored in Amazon S3 with server-side encryption (SSE-S3) enabled by default.

Session tokens are signed with a rotating secret using industry-standard JWT (HS256) and stored as HttpOnly, Secure, SameSite=Strict cookies — inaccessible to JavaScript.

Infrastructure & Hosting

Leasibility AI is hosted on enterprise-grade cloud infrastructure with automatic failover and a 99.9% uptime SLA.

Our database is a managed TiDB/MySQL cluster with automated daily backups retained for 30 days.

File storage uses Amazon S3 with versioning enabled. Deleted files are retained for 30 days before permanent removal.

All infrastructure access is restricted to authorised personnel via multi-factor authentication and role-based access controls.

Access Controls

Each user account is isolated — you can only access your own projects, reports, and broker profile. No cross-account data access is possible.

Authentication is handled via Manus OAuth, which supports Google Sign-In. We do not store passwords.

Shared report links are protected by unique, cryptographically random tokens. Only users with the exact link can view a shared report.

Admin access to production systems is restricted to the founding team and requires MFA.

Floor Plan & Client Data

Floor plans you upload are used solely to generate AI feasibility scenarios for your project. They are not shared with other users, used to train AI models, or disclosed to third parties.

Client names and headcount data you enter are stored only in your account and are not visible to other users.

We do not sell, rent, or share your data or your clients' data with any third party for marketing or commercial purposes.

AI analysis is performed using a third-party LLM API. Floor plan images may be transmitted to this API for processing. The API provider is contractually prohibited from using your data for model training.

Data Retention

Your projects, scenarios, and reports are retained for as long as your account is active.

If you cancel your subscription, your data is retained for 90 days to allow for reactivation or export.

After 90 days of account inactivity following cancellation, all project data, floor plans, and reports are permanently deleted.

You can request immediate deletion of your account and all associated data at any time by contacting [email protected].

Incident Response

In the event of a confirmed data breach affecting your personal information, we will notify affected users within 72 hours via email.

We maintain an incident response plan reviewed annually by the founding team.

Security vulnerabilities can be responsibly disclosed to [email protected]. We commit to acknowledging reports within 48 hours.

Security Questions?

For security disclosures, compliance documentation requests, or questions about how your data is handled, contact our team directly.

Last updated: March 2026. See also our Privacy Policy and Terms of Service.