Security
Security review for CISOs, legal, DPOs and procurement.
Lontra protects employee data with encryption at rest and in transit, regional residency by configuration, permissions, audit logs, configurable retention and enterprise documentation available under NDA.
Architecture overview
SaaS platform with logical separation between organizations, access controls and logging of sensitive operations.
Hosting and data residency
Enterprise cloud hosting with regional residency configurable by contract and customer requirements.
Encryption
AES-256 at rest, TLS 1.3 in transit, with organization-level key management where applicable.
Identity and access
SAML/OIDC SSO and SCIM on Enterprise plans. Permissions aligned with the organization model.
Audit logs
Access, exports, changes and sensitive actions can be logged for compliance review.
Data retention
Retention configurable by data type, campaign and customer requirements.
AI processing
AI models structure the material but do not make HR decisions. Sensitive processing is constrained.
Sub-processors
Maintained list available under NDA, with notification before material changes.
Certifications / roadmap
Security certification and roadmap items are communicated only when validated.
Documents under NDA
Security questionnaires, diagrams, DPA, sub-processors, retention, AI note and DPIA support.
Documents available under NDA
Security questionnaire responses
Architecture diagrams
DPA template
Sub-processor list
Data retention policy
AI processing note
DPIA support pack
FAQ
Is Lontra encrypted end-to-end?
The approved public wording is: encrypted at rest and in transit. AES-256 at rest, TLS 1.3 in transit, with organization-level key management where applicable.
Where is data hosted?
Regional residency is configurable according to contract and customer requirements.
Does Lontra make HR decisions?
No. Signals are intended for qualified human review.
Which documents are available?
Security questionnaire, architecture diagrams, DPA, sub-processors, retention, AI processing note and DPIA support under NDA.
Next step
Start with one loop.
One population. One business question. One measurable output.
30 minutes, on a call, with a human who knows your industry. No waitlist.
A company that teaches itself.