How we handle your data

We only collect what we need to catch what’s hurting you.

LeakSource is built around data minimization. We don’t want your entire business in our hands — only the logs, exports, and evidence required to prove or disprove leaks, fraud, or compromise.

Data minimization Scoped access Defined retention Secure deletion

High-level data categories

Depending on your case, we may work with:

Revenue & transaction data — orders, refunds, redemptions, payouts.
Account & session data — IDs, device fingerprints, IPs, login history.
Program & loyalty data — points, coupons, discounts, redemptions.
Operational logs — staff actions, admin changes, backend events.

We typically do not need full card numbers, full SSNs, or entire customer profiles. When possible, we ask you to send redacted or tokenized data.

Want to know if a dataset is safe to share? Email it in abstract (no real examples) to inquiries@leaksource.us and we’ll tell you exactly what we do or don’t need.

Retention & deletion

Our default posture is: keep data just long enough to be useful, then kill it.

Active engagement: data is stored for the life of the investigation.
Stabilization window: limited retention to support follow-up questions.
Destruction: your data is scheduled for secure deletion once the window closes.

If your legal, compliance, or HR team needs a different retention schedule, we’ll capture that in writing before work begins.

Summary

What we collect vs. why we collect it

Type

Purpose

Logs & transactions

Identify fraud patterns, revenue leaks, and compromised accounts.

Account metadata

Correlate suspicious logins, devices, locations, and behaviors.

Program data

Detect loyalty abuse, coupon loops, and reward farming.

Configuration snapshots

Understand how your systems are wired so we can model attack paths.

Contact details

Keep your decision-makers in the loop and deliver findings securely.

Data handling commitments

We never sell your data to anyone. Period.
We don’t use your data to build “audiences” or marketing lists.
We don’t train public AI models on your data.
We only use your data to investigate your case, improve our internal detection playbooks, and protect you.

Sub-processors & storage

We may use reputable cloud providers and security tools to host analysis environments, store encrypted evidence, or send secure communications. On request, we can provide a current list of core vendors used for your engagement.

If your organization requires data residency or vendor restrictions, we’ll align our workflows before onboarding any data.

Your rights & questions

If you’re a client, prospect, or end-customer and have questions about how LeakSource handles data related to you or your business, contact:

Email: inquiries@leaksource.us
Subject line: Data handling / privacy question