Information Security Overview

Effective Date: February 12, 2026

This overview is intended to provide clarity regarding the security protocols implemented to safeguard information stored through our Services. Please note that your use of our Services remains governed by the Terms of Use at all times. Any terms referenced within this Security Policy that are not defined herein shall carry the meanings assigned to them in the Terms of Use.

We retain the right to modify this Security Policy periodically. Your access to and use of the Services will be governed by the Security Policy currently in effect at the time of such access or utilization. Should there be any substantive amendments to the Security Policy, notification will be provided through a notice on www.nslcleaders.org, via email, or through alternative communication channels. Continued use of the Services following any posted changes constitutes acceptance of those modifications.

Infrastructure

Our system is hosted in a state-of-the-art, highly scalable cloud computing platform with high availability and dependability. Our infrastructure provider has been designed and managed in alignment with regulations, standards and best-practices.

NSLC also utilizes a Content Delivery Network to help protect against common malicious attacks, such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM) attacks, and packet sniffing.

Security Assessments and Compliance

We conduct automated scans of our non-production and production environments, looking for missing patches and vulnerabilities on a regular basis. We do similar tests on our web applications, including penetration testing exercises and code scanning. We also implement anti-virus, anti-malware, and firewall protection throughout our infrastructure and on all of our devices.

As part of our commitment to security, we are pursuing SOC2 Type 1 compliance.

Access

All data storage services require user authentication to perform a particular action. Role-based access control is implemented which follows the principle of least privilege, and designed to ensure that a specific user can only take actions authorized for its role.

Encryption

All data stored is encrypted at rest with AES 256-bit encryption, which is the industry gold standard for encrypting data. Data is encrypted using a key stored in a key management service through our infrastructure provider. Encryption keys are rotated on a regular schedule.

Transfers

Your data is sent between your web browser and our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure internet network connections.

Backups

All data is backed up continuously and with periodic snapshots. Every backup is encrypted. Redundant backups occur in multiple locations to prevent the remote possibility of data loss.

Logging

System logs are standardized across services and log data hosted on our servers is also encrypted. Logs are kept for debugging purposes and maintained with the same security policies as customer data.

Procedures in the Event of a Security Breach

While the likelihood of a security breach is low, we follow standardized procedures to contain, classify, and report a security breach in the event that it occurs.

• Containment
  The first priority after a security breach is discovered is to contain the breach and notify supervisory personnel as quickly as possible. For any category of breach, the data must be secured, and the reasonable integrity, security, and confidentiality of the data or data system must be restored.”
• Classification
  The next step is to determine the exact nature of the breach in terms of its extent and seriousness.
• Reporting
  As soon as a breach has been identified, the employee who discovered it must take immediate steps to report the breach to his or her supervisor. The supervisor must take immediate action to determine the extent and category of the breach and to take such further action as is necessary to contain the breach. In all cases of a breach, all parties involved must be notified as soon as practicable. The supervisor must document the breach, noting the category involved, the scope of the breach, steps taken to contain the breach, and the names or categories of persons whose personal information was, or may have been, acquired by an unauthorized person.
• Notification
  NSLC will notify affected users without unreasonable delay. Notification shall be clear and conspicuous and include a description of the incident in general terms, the type of information that was subject to the unauthorized access and acquisition, and the actions taken to protect the personal information from further unauthorized access. Notification will be provided by email.

Privacy

A copy of our full Privacy Policy can be found at www.nslcleaders.org/privacy-policy.

We guard your privacy to the best of our ability and work hard to protect your information from unauthorized access, and we employ a number of physical and electronic security measures to protect user information from unauthorized access.

NSLC conducts a thorough background check on all of its employees and only employees that need access to your information (including your Personal Information) in order to perform their jobs are allowed such access. All NSLC employees are informed about their responsibility to protect your privacy, and we give them clear guidelines for adhering to our own business ethics standards and confidentiality policies. Any employees who violate our privacy and/or security policies will be subject to disciplinary action, and if the violation warrants, they will be terminated and may be charged with civil and or criminal prosecution.

Compliance with Laws and Law Enforcement

In compliance with applicable laws, NSLC cooperates with law enforcement when it receives valid legal process.

I think I’ve found a security exploit. Where do I report security concerns?

We take a number of measures to ensure that the data you store with us is safe and secure, but we recognize that no system can guarantee data security with 100% certainty. For that reason, we will continue to innovate to make sure that our security measures are state of the art, and we will investigate any and all reported security issues concerning our Services. For a direct line to our security experts, report security issues to privacy@nslcleaders.org.