Data Security Policy

Auvelos LLC · Last updated June 20th, 2026

1. Overview

Auvelos LLC ("LeadUp") applies technical and organizational measures designed to protect the confidentiality, integrity, and availability of the data we process. This page summarizes our practices; it is not a warranty and our controls evolve as the service and threat landscape change.

2. Encryption

  • In transit — traffic to our website, dashboard, and APIs is encrypted using TLS. Call media is carried over our telephony provider's secure transport.
  • At rest — data stored in our cloud databases and storage is encrypted at rest.

3. Access control and authentication

  • Dashboard access requires an account and authenticated session.
  • Passwords are stored only as salted hashes, never in plaintext.
  • Internal access to systems and data follows least-privilege principles and is limited to personnel who need it.

4. Infrastructure

The service runs on Amazon Web Services (AWS). We rely on AWS's physical and network security and configure our environment to isolate workloads and restrict access. AI processing (speech-to-text, language model, text-to-speech) runs within our cloud environment.

5. Logging and monitoring

We log operational events to detect and investigate issues and security events. Access to logs is restricted, and we work to minimize sensitive content in logs.

6. Sub-processor diligence

We use a limited set of vetted sub-processors (e.g. AWS, Twilio, Stripe) bound by contractual data-protection and confidentiality obligations. See our Privacy Policy for the current list.

7. Incident response and breach notification

We maintain procedures to respond to security incidents. In the event of a personal data breach, we will notify affected customers and, where required, regulators and data subjects, in line with applicable law and our agreements.

8. Healthcare customers (HIPAA)

For HIPAA-covered customers, LeadUp acts as a Business Associate under a signed Business Associate Agreement and applies the administrative, physical, and technical safeguards required to handle protected health information (PHI).

9. Your responsibilities

  • Keep your account credentials confidential and use a strong, unique password.
  • Manage who in your organization has access to your account.
  • Notify us promptly if you suspect unauthorized access.

10. Reporting a vulnerability

If you believe you have found a security vulnerability, please contact us at info@auvelos.com. We appreciate responsible disclosure and will work with you to investigate and address valid reports.