Leadermind provides behavioral insights on executive leaders so professional investors can make better equity decisions with confidence. This Information Security Policy summarizes how Leadermind protects information assets that support our products and services.
This policy establishes the principles and controls Leadermind uses to safeguard information against unauthorized access, use, disclosure, alteration, or destruction. It applies to:
All Leadermind employees, contractors, and third‑party service providers with access to Leadermind systems or data.
All environments where Leadermind data is processed, stored, or transmitted, including production, development, and backup infrastructure.
Leadermind maintains a formal information security program overseen by executive leadership and a designated security owner.
Security policies and procedures are documented, reviewed at least annually, and updated as needed.
Periodic risk assessments evaluate threats to confidentiality, integrity, and availability of data and inform control selection and prioritization.
Roles and responsibilities for security, privacy, and incident response are clearly defined and communicated.
Leadermind classifies data to ensure consistent protection based on sensitivity:
Public Data—publicly available information (e.g., transcripts, filings) and derived insights suitable for general distribution.
Internal Data—operational information not intended for public release (e.g., process documentation, non‑sensitive logs).
Confidential Data—client account information, usage details, optional uploaded datasets, and security‑relevant system information.
Handling requirements include:
Confidential Data is accessed only on a need‑to‑know basis, stored in approved systems, and transmitted via encrypted channels.
Client Confidential Data is logically separated by organization and is not used for marketing or trading purposes.
Leadermind enforces least‑privilege, role‑based access control for all systems that store or process data.
Unique user accounts are required; shared credentials are prohibited.
Strong authentication is required for administrative access and is available for client accounts.
Access requests, approvals, changes, and removals are documented and executed promptly, especially for role changes or departures.
Leadermind implements layered technical safeguards to protect information:
Encryption—all external connections use HTTPS/TLS; data at rest in production databases and backups is encrypted using industry‑standard algorithms.
Network Security—access to production systems is restricted through firewalls, security groups, and secure management interfaces.
Endpoint Protection—company‑managed devices used to access production or Confidential Data follow baseline standards (e.g., disk encryption, patched operating systems).
Logging and Monitoring—security‑relevant events (authentication attempts, permission changes, configuration modifications) are logged and monitored for anomalous activity.
Leadermind’s development practices are designed to protect data and model integrity:
Source code is maintained in version‑controlled repositories with restricted access.
Changes follow a defined process including peer review, automated testing where feasible, and approval before deployment.
Production deployments use controlled pipelines; changes are tracked and, where material, documented in release notes.
Security issues identified in code or dependencies are triaged and remediated according to severity.
Leadermind relies on vetted third‑party providers for hosting and ancillary services.
Vendors with access to Confidential Data or production environments are evaluated for security posture and contractual commitments, including data‑protection terms.
Data processing locations and subprocessors are documented and made available to clients upon request.
Access by vendors is limited to what is necessary to provide their service and is subject to monitoring and revocation.
Leadermind maintains documented procedures for security incidents and service disruptions.
Incidents are logged, triaged, contained, investigated, and remediated in a structured manner.
When required by contract or law, affected clients are notified without undue delay, along with relevant details and recommended actions.
Data is backed up regularly; recovery procedures are tested periodically to support continuity of service.
All personnel with access to Leadermind systems or data are required to:
Acknowledge and comply with information security and acceptable‑use policies.
Complete security awareness training on topics such as phishing, password hygiene, and data handling.
Report suspected security incidents or policy violations promptly through designated channels.
This Information Security Policy is reviewed at least annually and whenever significant changes occur in technology, regulations, or business operations. Leadermind supports client due‑diligence and vendor‑risk assessments by providing additional documentation under NDA as needed.
Questions regarding this policy or Leadermind’s security program can be directed to the contact provided in the client portal or through your Leadermind relationship manager.
