The LEADTOOLS Cloud Services are hosted on Microsoft Windows Azure and all the data processing is done within the Microsoft Azure cloud environment. Microsoft Azure is among the most secure hosting platforms on the market today, meeting the toughest compliance standards in the world including HIPAA, FedRAMP, IRS 1075, ISO 27001 and more. More information is available regarding Microsoft's security practices here: https://azure.microsoft.com/en-us/overview/trusted-cloud/.
The LEADTOOLS Cloud Services are protected with a Basic Authentication mechanism. Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password.
On top of the Basic Authentication, the LEADTOOLS Cloud Services supports encrypted data transfer with HTTPS via the use of Secure Socket Layer (SSL) as a sublayer under regular HTTP. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.
All user data is stored using Microsoft Azure Blob Storage in the Eastern US and is always in a user's complete control. There are two ways user data is deleted:
- At any time a LEADTOOLS Cloud Service user can call DeleteRequest to delete a file that has been uploaded to the services, as well as to delete any data and resulting files that were produced (such as in the case of a file conversion).
- After 24 hours, all data and files will be automatically and permanently wiped from the system.
In general, LEAD personnel will not have access to files that are uploaded to the service. Sometimes user files can contain non-standard elements that can cause service failures when passed to the LEADTOOLS Cloud Services. While these instances are rare, and we have taken every measure to ensure that this does not occur, LEAD reserves the right to allow our engineers to review the file that caused the failure for the sole purpose of troubleshooting and debugging in an effort to fix the issue. Once the issue is fixed, the file is then permanently deleted. All LEAD employees are subject to a binding NDA that protects any and all information and files submitted by LEAD customers restricting any disclosure to third parties.