Lotlinx prioritizes your data's security and confidentiality. Our Trust Center offers insights into our data management, security measures, and compliance.
Yes, you can request a copy above. Prior to receiving a copy of our SOC 2 Type 1 report, we will need a signed NDA.
How do we manage risk and compliance?
Lotlinx maintains robust security practices to ensure that our customers' data are maintained to the highest degree.
Subprocessors
Google Cloud Platform
Infrastructure Service Provider
Gitlab
Git Repository Manager
Amazon Web Services
Infrastructure Service Provider
Azure
Infrastructure Service Provider
Monitoring
Continuously monitored by Secureframe
Compliance
SOC 2 Type 1
Monitoring
Change Management
Software Change Testing
Software changes are tested prior to being deployed into production.
Organizational Management
Organizational Chart
Management maintains a formal organizational chart to clearly identify positions of authority and the lines of communication, and publishes the organizational chart to internal personnel.
Security Awareness Training
Internal personnel complete annual training programs for information security to help them understand their obligations and responsibilities related to security.
Internal Control Monitoring
A continuous monitoring solution monitors internal controls used in the achievement of service commitments and system requirements.
Performance Reviews
Internal personnel are evaluated via a formal performance review at least annually.
Performance Review Policy
A Performance Review Policy provides personnel context and transparency into their performance and career development processes.
New Hire Screening
Hiring managers screen new hires or internal transfers to assess their qualifications, experience, and competency to fulfill their responsibilities. New hires sign confidentiality agreements or equivalents upon hire.
Code of Conduct
A Code of Conduct outlines ethical expectations, behavior standards, and ramifications of noncompliance.
Information Security Program Review
Management is responsible for the design, implementation, and management of the organization’s security policies and procedures. The policies and procedures are reviewed by management at least annually.
Disciplinary Action
Personnel who violate information security policies are subject to disciplinary action and such disciplinary action is clearly documented in one or more policies.
Incident Response
Tracking a Security Incident
Identified incidents are documented, tracked, and analyzed according to the Incident Response Plan.
Risk Assessment
Risk Assessment
Formal risk assessments are performed, which include the identification of relevant internal and external threats related to security, availability, confidentiality, and fraud, and an analysis of risks associated with those threats.
Risk Register
A risk register is maintained, which records the risk mitigation strategies for identified risks, and the development or modification of controls consistent with the risk mitigation strategy.
Access Security
Access Control and Termination Policy
An Access Control and Termination Policy governs authentication and access to applicable systems, data, and networks.
Asset Inventory
A list of system assets, components, and respective owners is maintained and reviewed at least annually.
Unique Access IDs
Personnel are assigned unique IDs to access sensitive systems, networks, and information.
Encryption-at-Rest
Service data is encrypted-at-rest.
Communications
Confidential Reporting Channel
A confidential reporting channel is made available to internal personnel and external parties to report security and other identified concerns.
Communication of Security Commitments
Security commitments and expectations are communicated to both internal personnel and external users via the company's website.
Privacy Policy
A Privacy Policy is made available to both external users and internal personnel. This policy details the company's privacy commitments.