
Security Practices

Technical and organizational security measures

Our comprehensive approach to protecting your data through technical safeguards, organizational measures, and industry best practices.

Last updated: September 14, 2024
Version 1.3

Security Framework

Our overall approach to information security

Lensym implements a comprehensive security framework based on industry standards including ISO 27001, NIST Cybersecurity Framework, and GDPR security requirements.

Preventive

  • Access controls
  • Encryption
  • Authentication
  • Network security

Detective

  • Monitoring
  • Logging
  • Intrusion detection
  • Vulnerability scanning

Responsive

  • Incident response
  • Backup & recovery
  • Breach notification
  • Continuous improvement

Data Encryption

How we protect data in transit and at rest

Encryption Standards

Data in Transit
  • TLS 1.3 for all web traffic
  • Perfect Forward Secrecy
  • HSTS enforcement
  • Certificate pinning
Data at Rest
  • AES-256 encryption
  • Encrypted database storage
  • Encrypted file systems
  • Hardware security modules

Key Management

  • Separate encryption keys for each customer
  • Regular key rotation (every 90 days)
  • Hardware security module (HSM) protection
  • Multi-person authorization for key operations

Access Controls

How we control who can access what data

User Authentication

  • Multi-factor authentication (MFA)
  • Passkey support (WebAuthn)
  • TOTP authenticator apps
  • Strong password requirements
  • Account lockout protection

Administrative Access

  • Principle of least privilege
  • Role-based access control (RBAC)
  • Just-in-time access provisioning
  • Regular access reviews
  • Privileged access monitoring

Data Isolation

Each customer's data is logically separated and encrypted with unique keys:

  • Multi-tenant architecture with strict isolation
  • Customer-specific encryption keys
  • Database-level access controls
  • Application-layer authorization

Infrastructure Security

How we secure our hosting and network infrastructure

Hosting Environment

Vercel (Primary Hosting)
  • SOC 2 Type II certified
  • EU data residency
  • DDoS protection
  • Automated scaling
Cloudflare (CDN/Security)
  • Web Application Firewall
  • DDoS mitigation
  • Bot protection
  • Rate limiting

Network Security

  • Firewalls: Multiple layers of network filtering
  • VPC isolation: Private networks for sensitive operations
  • IP allowlisting: Restricted administrative access
  • Network monitoring: Real-time traffic analysis

Application Security

How we secure our software and development practices

Secure Development

Code Security
  • Static code analysis
  • Dependency vulnerability scanning
  • Code review requirements
  • Automated security testing
Deployment Security
  • Infrastructure as Code
  • Immutable deployments
  • Automated security patches
  • Container security scanning

Runtime Protection

  • Input validation: All user inputs sanitized and validated
  • SQL injection protection: Parameterized queries and ORM safeguards
  • XSS prevention: Content Security Policy and output encoding
  • CSRF protection: Token-based request validation

Monitoring and Incident Response

How we detect and respond to security threats

24/7 Monitoring

  • Real-time security alerts
  • Anomaly detection
  • Failed login monitoring
  • Suspicious activity tracking
  • Performance monitoring

Incident Response

  • Defined response procedures
  • Automated containment
  • Forensic investigation
  • Customer notification
  • Post-incident review

Response Timeline

  • Detection to containment: < 1 hour
  • Customer notification: < 72 hours
  • Full investigation: < 30 days

Data Backup and Recovery

How we protect against data loss

Backup Strategy

  • 3-2-1 backup rule
  • 4x daily backups
  • 99.9% recovery success

Recovery Capabilities

  • Point-in-time recovery: Restore data to any point in the last 30 days
  • Geographic redundancy: Backups stored in multiple EU regions
  • Automated testing: Monthly recovery drills and validation
  • RTO/RPO targets: 4-hour recovery time objective, 15-minute recovery point objective (maximum data loss)

Compliance and Auditing

Our commitment to security standards and regular assessments

Standards Compliance

  • GDPR (General Data Protection Regulation)
  • ISO 27001 aligned practices
  • NIST Cybersecurity Framework
  • SOC 2 Type II (in progress)

Regular Assessments

  • Annual third-party security audits
  • Quarterly vulnerability assessments
  • Monthly penetration testing
  • Continuous compliance monitoring

Employee Security

How we ensure our team follows security best practices

Security Training

Onboarding
  • Security awareness training
  • Privacy law education
  • Incident response procedures
  • Data handling protocols
Ongoing
  • Monthly security updates
  • Phishing simulation tests
  • Annual security certification
  • Threat intelligence briefings

Access Management

  • Background checks: All employees undergo security screening
  • Need-to-know basis: Access limited to job requirements
  • Regular reviews: Quarterly access certification
  • Immediate revocation: Access removed within 1 hour of termination

Contact Our Security Team

How to report security issues or ask questions

Security Questions

Email: security@lensym.com
For: General security inquiries
Response time: Within 24 hours

Vulnerability Reports

Email: security@lensym.com
Subject: [SECURITY] Vulnerability Report
Response time: Within 4 hours

Responsible Disclosure

We appreciate security researchers who help us keep Lensym secure. Please report vulnerabilities responsibly, and we'll work with you to address them promptly.