Security & Privacy
Learn about passkeys, two-factor authentication, login security, and how LeyApp protects your data.
Last updated: March 22, 2026
Your security on LeyApp
LeyApp takes your security seriously. We offer multiple layers of protection for your account, including passkeys, two-factor authentication (2FA), and secure session management.
Passkeys & biometric login
Passkeys are a modern, passwordless way to sign in. Instead of typing a password, you authenticate using your device's biometrics (Face ID, Touch ID, fingerprint) or a security key.
Passkeys are more secure than passwords because they can't be phished, guessed, or leaked in a data breach. They're tied to your specific device and protected by your biometrics.
Supported devices
- iPhone / iPad — Face ID or Touch ID
- Android — Fingerprint or face unlock
- Desktop — Windows Hello, macOS Touch ID, or a USB security key
Set up a passkey for the fastest and most secure login experience. You can always fall back to your password if needed.
Two-factor authentication (2FA)
Two-factor authentication adds an extra layer of security by requiring a temporary code from an authenticator app in addition to your password.
Even if someone knows your password, they can't log in without the code from your authenticator app.
How to set up 2FA
- Go to Settings, expand Security, and select Two-Factor Authentication
- Download an authenticator app (Google Authenticator, Authy, 1Password, or Microsoft Authenticator)
- Scan the QR code displayed on screen with your authenticator app
- Enter the 6-digit code from the app to verify and enable 2FA
Login security
LeyApp supports multiple secure login methods: email/password, Google, Microsoft, Apple, magic links, and passkeys. You can use any combination that works for you.
All login sessions are secured with encrypted cookies and automatic session refresh. If you sign in on a new device, you may be asked to verify your identity.
How we protect your data
All data is encrypted in transit (TLS 1.3) and stored in secure, EU-based data centers (Paris region). We follow the principle of least privilege — only the data needed for the service is collected.
We comply with GDPR, the Spanish LOPDGDD, and implement strict Content Security Policies (CSP) to prevent cross-site scripting attacks.
Under GDPR, you have the right to access, correct, export, or delete your personal data at any time. Visit Account Settings or contact us to exercise these rights.
Exporting your data
You can request a full export of your personal data from Account Settings. The export includes your profile information, booking history, and any reviews you've left or received.