At Lightspin we secure and protect the information of customers, partners, and users from across the globe, from code to cloud.
Our business is cloud security, and we take the responsibility of protecting our customer data seriously. Built from the ground up with security in mind, Lightspin is committed to keeping customer data safe and secure at rest and in transit for your cloud and hybrid environment deployments. We provide additional administrative and technical safeguards around Identity & Access Management, providing least-privileged access to environments and utilizing advanced identity security capabilities. Additionally, we have a stringent Secure Software Development Lifecycle (SSDLC) program that adheres to best practices within the OWASP Top 10 and ensures that misconfigurations, vulnerabilities, and general weaknesses do not make it beyond our source control.
We provide our users with a service, and they look to us to adhere to security and compliance best practices in the market. Lightspin continually monitors changing compliance measures to assure that we continue to comply with international standards and regulations to keep our customers’ data safe.
The Lightspin platform runs on Amazon Web Services (AWS). We recommend you also review their compliance information at aws.amazon.com/compliance. The Lightspin Security and Platform teams adhere to the AWS Security Foundational Best Practices, AWS CIS Benchmark, and other relevant AWS-specific infrastructure security standards and best practices. In addition, we comply with, or are attested against, the following.
SOC 2 is a means for ensuring a service provider secures customer data, and the SSAE 18 audit standard assures customers that a provider’s security apparatus is working smoothly. Our SOC 2 Type II report covers security, availability, and confidentiality trust service criteria and is available under NDA to current and prospective customers.
The Health Insurance Portability and Accountability Act (HIPAA) is designed to help protect people’s healthcare data. Organizations such as hospitals, doctors' offices, health plans, or companies dealing with protected health information (PHI) are required to be HIPAA-compliant. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf.
One of the core and guiding tenets of our company’s culture is the concept of transparency. We believe that when it comes to security, compliance, and privacy, transparency is key. This extends to our platform performance as well – whether it pertains to uptime, incidents, or service level agreements – we commit to always publicly disclosing relevant information to our customers and partners.
If you have any questions or suggestions about how Lightspin approaches security, privacy, or compliance, please feel free to reach out to our team. We offer safe harbor for any individual who wishes to ethically disclose any vulnerabilities as part of their research.
Please reach out to us at [email protected]