LeenOps
All legal policies
Security - v1.0

Security Policy

LeenOps security posture for HTTPS, authentication, workspace controls, AI agent governance, and corporate vendor review.

Effective

June 13, 2026

Last updated

June 13, 2026

Document ID

LEENOPS-POL-SECURITY-v1.0

This Security Policy summarizes the public security posture for LeenOps and supports corporate vendor review, domain classification, and allowlisting.

Official public domains are leenops.com and www.leenops.com.

1. Service classification

LeenOps is a B2B SaaS website and AI agent operations platform. The Service is designed for business automation, agent governance, reporting, approvals, and operational monitoring.

The public website does not host adult content, gambling, malware, phishing pages, credential theft workflows, unsafe downloads, or deceptive software distribution.

2. Transport security

LeenOps uses HTTPS for public website and application traffic. The production domain is configured with security headers, HSTS, and a canonical public domain.

Customers and corporate IT teams should access the Service through the official public domains only.

3. Authentication and access

The public marketing website is separate from authenticated product routes. Console and workspace routes require authenticated access before users can reach product functionality.

Customers are responsible for managing workspace membership, user access, connected accounts, and internal approval workflows.

4. AI agent governance

LeenOps is built around observable AI agent runs, scoped workflow configuration, review points, operational history, and reporting.

Customers should configure agents with least-privilege access, clear instructions, approved integrations, and human review for sensitive actions.

5. Secrets and API keys

API keys, model-provider credentials, tokens, private keys, and passwords are sensitive runtime configuration.

Secrets should be entered only through approved product settings or secret-management flows. They should not be sent through email, screenshots, public contact forms, or chat messages.

6. Logging and monitoring

LeenOps may collect application logs, run metadata, error events, audit-relevant records, and security telemetry to operate, troubleshoot, and protect the Service.

Access to logs and operational systems is restricted based on business need.

7. Vulnerability reporting

Security issues can be reported to hello@leenops.com. Include the affected URL, steps to reproduce, potential impact, and contact information for follow-up.

Do not access, modify, delete, or exfiltrate data that does not belong to you. Do not perform denial-of-service testing without written authorization.

8. Corporate allowlisting

Corporate security teams can review:

  • Website: https://www.leenops.com
  • Legal hub: https://www.leenops.com/legal
  • Security policy: https://www.leenops.com/legal/security
  • Contact: hello@leenops.com

LeenOps can provide additional vendor-review information on request.

9. Incident response

If LeenOps identifies a security incident affecting customer data, LeenOps will investigate, contain, remediate, and notify affected customers as required by law and applicable agreements.

10. Contact

Security and vendor-review questions can be sent to hello@leenops.com.

Policy changelog

VersionDateSummary
v1.02026-06-13Initial public legal policy system