Leafr Trust & Compliance

Our Commitment to Your Security and Privacy

At Leafr, we know that trust is earned, not assumed.
We connect businesses with leading sustainability experts, and we take the security, privacy, and compliance of that connection seriously.

We operate to the highest standards of data protection, security, and transparency — because when you work with Leafr, you’re trusting us with your business and your brand.

Data Protection and Privacy

We comply fully with the UK General Data Protection Regulation (UK GDPR), EU GDPR (where applicable), and the Data Protection Act 2018.

• Privacy Policy:
  Details how we collect, use, store, and protect personal data for clients, consultants, and visitors.
  ➔ View our Privacy Policy
• Cookie Policy:
  Explains how and why we use cookies and similar tracking technologies.
  ➔ View our Cookie Policy
• Data Processing Agreements (DPA):
  Available for clients upon request to formalise our GDPR commitments in your contracts.

You have full control over your data at Leafr. Access, correction, deletion, or portability requests are welcome at any time.

Platform Security

Protecting your data is core to how Leafr operates.

• Encryption:
  All data is encrypted at rest and in transit using industry-standard protocols.
• Access Controls:
  Sensitive information is restricted to authorised personnel only, with access based strictly on operational need.
• Regular Assessments:
  We conduct regular security reviews to strengthen our platform resilience.
• Third-Party Management:
  Our infrastructure partners (including Airtable, Softr, and cloud providers) are vetted for strong security compliance.

We are actively progressing towards internationally recognised security certifications (including SOC 2 Type II).

Transparent Practices

At Leafr, we believe clarity builds trust.

• Our Terms and Conditions clearly explain how Leafr operates and the responsibilities of clients, consultants, and our platform.
• We maintain a zero-tolerance policy towards misconduct, data misuse, and unethical practices.
• Our vetting process for consultants includes verification of professional backgrounds and ongoing quality checks.

Your Rights

As a client, consultant, or visitor, you have full rights under GDPR and applicable privacy laws, including:

• Access to your personal data
• Correction of inaccuracies
• Deletion of your data ("right to be forgotten")
• Objection to processing
• Restriction of processing
• Data portability

You can exercise your rights by contacting us at hello@leafr.com.

Questions or Concerns?

We’re always happy to discuss our security, privacy, and compliance practices.
If you have any questions or would like more detailed information, please reach out to our team:

📧 hello@leafr.com

‍