Security & Privacy

Employee feedback is sensitive data. Lontra is built from the ground up to protect it — hosted in the EU, encrypted end-to-end, and designed for GDPR compliance.

100% EU Hosted

All infrastructure runs in Google Cloud Platform, Belgium region. No data ever leaves the European Union.

GDPR Compliant

Full compliance with the General Data Protection Regulation. DPA available for all customers.

End-to-End Encryption

AES-256 at rest, TLS 1.3 in transit. Per-organization encryption keys for interview transcripts.

40+ Languages

Interviews conducted in the employee's native language. No translation layer — native AI models per language.

Audit Trail

Every access, modification, and export is logged. Full audit trail available for compliance reviews.

Role-Based Access

Granular permissions ensure only authorized personnel can access employee interview data.

What We Collect — And What We Don't

Lontra captures rich conversational data. That makes data governance non-negotiable. Here is exactly what enters our system — and what never does.

Live conversational data

What employees express in individual conversations — aspirations, concerns, feedback, ideas. Captured in real-time and verified for depth. This is the signal that traditional surveys never reach.

What we NEVER store

Discriminatory data — religion, ethnicity, sexual orientation, health status — is never stored. Not encrypted. Not anonymized. Not stored. Period. Our system is designed to reject it at the point of capture.

Data you can audit

Every evaluation is traceable to the exact employee quote. Every insight links to a specific moment in the conversation. No black box. No opaque scoring. Full auditability from data point to source.

Frequently Asked Questions

Where is Lontra data hosted?

All data is hosted exclusively in the European Union (Belgium). We use Google Cloud Platform with data residency guarantees — no data ever leaves the EU.

Is Lontra GDPR compliant?

Yes. Lontra is fully GDPR compliant. We process data as a data processor under a Data Processing Agreement (DPA). Employees can request access, rectification, or deletion of their data at any time.

How is employee data encrypted?

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Interview transcripts are encrypted with per-organization keys.

Can employees remain anonymous?

Yes. Organizations can configure campaigns where employee identities are not linked to responses. Lontra supports full anonymity, pseudonymity, or identified modes.

What certifications does Lontra have?

Lontra is working toward SOC 2 Type II and ISO 27001 certifications. We conduct regular penetration testing and security audits.

How long is data retained?

Data retention is configurable per organization. By default, interview data is retained for 24 months. Organizations can set shorter or longer retention periods, and data is automatically purged after the retention period.