Compliance & Regulatory Overview

The Lead Standard LLC maintains operational and regulatory compliance across all portfolio brands. This page outlines our commitments, controls, and the standards we hold ourselves to.

Last updated: March 3, 2026

About The Lead Standard LLC

The Lead Standard LLC is a Florida-registered limited liability company that operates and governs a portfolio of technology platforms. Our portfolio currently includes LeedAgent (a CRM and operations platform for insurance and real estate professionals) and FireGlue (multi-tenant platform services for authentication, billing, and infrastructure). As the parent entity, The Lead Standard is responsible for legal, compliance, data governance, and operational standards across all brands.

Data Handling & Privacy

  • No Protected Health Information (PHI): Our platforms do not collect, store, or process protected health information as defined under HIPAA. LeedAgent is a sales and operations CRM; it does not function as an Agency Management System (AMS) or Electronic Health Records system.
  • Minimal PII Collection: We collect only the personal information necessary to provide our services — names, email addresses, phone numbers, and business-related data.
  • No Data Sales: We do not sell, rent, or trade personal information or opt-in consent data to third parties for marketing purposes.
  • Encryption: All data is encrypted in transit (TLS 1.2+) and sensitive credentials are encrypted at rest.
  • Access Controls: Role-based access controls, two-factor authentication, and audit logging are enforced across all systems.

Messaging Compliance (A2P 10DLC & TCPA)

The Lead Standard and its portfolio brands comply with all applicable messaging regulations, including the Telephone Consumer Protection Act (TCPA) and carrier-mandated A2P 10DLC registration requirements.

  • All SMS messaging requires prior express written consent from the recipient before any messages are sent.
  • Our brands are registered with The Campaign Registry (TCR) for A2P 10DLC messaging via approved Campaign Service Providers.
  • Recipients can opt out at any time by replying STOP. Opt-out requests are honored immediately and permanently.
  • We maintain detailed records of consent, including timestamp, source, and method of opt-in, for audit and compliance purposes.
  • Message content complies with carrier content policies and CTIA messaging guidelines.

For more details, see our A2P 10DLC Compliance page.

Infrastructure & Security

  • All services are hosted on dedicated infrastructure within professionally managed data centers with physical and network security controls.
  • TLS encryption is enforced on all public-facing endpoints and internal service communication.
  • Automated security monitoring, intrusion detection, and log aggregation are deployed across the stack.
  • Regular vulnerability assessments and software updates are performed on all production systems.
  • Database backups are performed automatically and tested for recoverability.

Third-Party Service Providers

We work with carefully selected third-party providers to deliver our services. These providers are bound by contractual obligations to handle data securely and in accordance with applicable law:

  • SMS Delivery: Twilio — for reliable A2P message delivery and phone number management.
  • Email Delivery: Mailgun / SendGrid — for transactional and service-related emails.
  • Payment Processing: Stripe — for subscription billing and payment processing (PCI DSS compliant).
  • AI Services: OpenAI — for AI-powered features within our platforms. Data sent to AI providers is limited to the minimum required for the feature and is not used for training.

Regulatory Framework

Regulation  | Our Position
TCPA        | Full compliance — prior express written consent required for all SMS
A2P 10DLC   | Registered with TCR via approved CSP; campaigns verified
CAN-SPAM    | Compliant — all marketing emails include opt-out mechanisms
CCPA / CPRA | Data subject access and deletion requests honored within 45 days
HIPAA       | Not applicable — our platforms do not collect or store PHI
PCI DSS     | Payments handled by Stripe (PCI Level 1 certified); no card data touches our servers

Questions & Concerns

For compliance-related inquiries, regulatory requests, or data subject access requests, please contact us:

We aim to respond to all compliance inquiries within 2 business days.