Security & Privacy

Employee feedback is sensitive data. Lontra is built from the ground up to protect it — encrypted end-to-end, regional data residency, and designed to meet local regulations.

End-to-end encryption

AES-256 at rest, TLS 1.3 in transit. Per-organization keys. Regional data residency — you choose where it lives.

Regional compliance

Meets local regulations applicable to each hosting region (GDPR for EU, equivalent frameworks elsewhere). Standard agreements available on request.

End-to-End Encryption

AES-256 at rest, TLS 1.3 in transit. Per-organization encryption keys for interview transcripts.

40+ Languages

Interviews conducted in the employee's native language. No translation layer — native AI models per language.

Audit Trail

Every access, modification, and export is logged. Full audit trail available for compliance reviews.

Role-Based Access

Granular permissions ensure only authorized personnel can access employee interview data.

What We Collect — And What We Don't

Lontra captures rich conversational data. That makes data governance non-negotiable. Here is exactly what enters our system — and what never does.

Live conversational data

What employees express in individual conversations — aspirations, concerns, feedback, ideas. Captured in real-time and verified for depth. This is the signal that traditional surveys never reach.

What we NEVER store

Discriminatory data — religion, ethnicity, sexual orientation, health status — is never stored. Not encrypted. Not anonymized. Not stored. Period. Our system is designed to reject it at the point of capture.

Data you can audit

Every evaluation is traceable to the exact employee quote. Every insight links to a specific moment in the conversation. No black box. No opaque scoring. Full auditability from data point to source.

Frequently Asked Questions

Where is Lontra data hosted?

We use Google Cloud Platform with regional data residency. You choose the hosting region at signature; data stays in the region you select.

What regulatory compliance?

We meet local regulations applicable to each hosting region (GDPR for EU, equivalent frameworks for other regions). We process data as a data processor. Standard agreement available on request. Employees can request access, rectification, or deletion of their data at any time.

How is employee data encrypted?

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Interview transcripts are encrypted with per-organization keys.

Can employees remain anonymous?

Yes. Organizations can configure campaigns where employee identities are not linked to responses. Lontra supports full anonymity, pseudonymity, or identified modes.

What certifications does Lontra have?

Lontra is working toward SOC 2 Type II and ISO 27001 certifications. We conduct regular penetration testing and security audits.

How long is data retained?

Data retention is configurable per organization. By default, interview data is retained for 24 months. Organizations can set shorter or longer retention periods, and data is automatically purged after the retention period.