In the end, you
have to supply the data to Leaflet, in an unencrypted form that Leaflet can understand and use. If these data are proprietary, then you should restrict access to the web-site itself. Before you grant access to the site ... which, say, is on a
VPN-protected server not on the ordinary Internet ... you require that the recipients sign and notarize a written contract supplied by your attorney. When you first go to the well-protected site, a startup page repeats your copyright declaration and that "use of this site is restricted to authorized licensees only, and subject to the terms of the contract."
Blah, blah, blah. (And you have, of course,
registered your copyright for the site programming itself.)
At this point, in the eyes of the law, anyone who does mess with your data "has clearly committed an Intentional Tort" against you. (In fact, "breaking and entering.") A defense of "innocent infringement" cannot possibly be sustained.