Compliance
Privacy Policy & HIPAA Safeguards
This summary aligns with Section 8.1 of our implementation plan and will be expanded with counsel review ahead of launch.
Introduction
LeAP (Legal Automation Partners) is committed to protecting the information you share with us and to implementing safeguards aligned with the HIPAA Security Rule whenever Protected Health Information (PHI) is in scope.
Information We Collect
We collect only the information required to respond to your requests and deliver our services: contact details (forms, Cal.com scheduling), newsletter emails (ConvertKit), lightweight analytics (Plausible/PostHog without cookies), and engagement data supplied during Clinics or Pilots (workflows, KPIs, and case metadata).
How We Use Your Information
Contact data helps us reply to inquiries and schedule KPI Baseline calls; newsletter subscribers receive one KPI-focused update per month; analytics data improves site performance; engagement data powers the automation and KPI dashboards you hire us to deliver.
Data Sharing & Vendors
We work with vetted vendors: Cal.com (scheduling), ConvertKit (email), Plausible/PostHog (analytics), n8n (automation), and Resend (transactional email). We do not sell your information and we require similar safeguards from every subprocessor handling PHI.
Data Security
All data moves over TLS 1.3, rests on encrypted storage (AES-256), and is protected by role-based access controls plus mandatory multi-factor authentication. We run quarterly security reviews and log access to sensitive systems.
Your Rights
You may access, update, or delete your information at any time by emailing privacy@leap.law. Newsletter recipients can unsubscribe via the footer link in every message. We honor data portability requests in CSV or JSON format.
Retention
Contact form submissions are retained for two years (unless you request deletion). Newsletter data remains until you unsubscribe. Engagement data persists for the duration of an engagement plus one year for support, then is anonymized for KPI benchmarking.
HIPAA & Business Associate Agreements
We handle PHI only when Clinic or Pilot scopes require it (e.g., medical lien tracking). We execute BAAs before ingesting PHI, apply technical safeguards (encryption, access controls, audit logs), train every team member on HIPAA, and ensure subcontractors adopt the same controls. If a breach occurs, we notify affected clients within 24 hours and assist with required notices. Request a BAA at hello@leap.law (subject: "BAA Request") and expect a response within 48 hours.
Contact
Questions about privacy or HIPAA safeguards? Email privacy@leap.law.