top of page

Security

Our Commitment to Security

At Luxa, the information security program is run directly by the founders ensuring rigorous data encryption and strict access controls. We use advanced technology and industry-standard processes to protect your data, making security our top priority.

 

Infrastructure 

Luxa leverages the industry-standard cloud solution AWS to ensure a secure, reliable infrastructure for processing and analyzing customer data. We benefit from their data center and system development practices. We leverage AWS best practices to ensure our systems are secure from the outside world.  We do not expose databases or other infrastructure to the public web.

 

AWS maintains an audited security program, as well as physical, environmental, and infrastructure security protections. Business continuity and disaster recovery plans have been independently validated as part of their SOC 2 Type 2 and ISO 27001 certifications. AWS security is managed in alignment with security best practices and a variety of IT security standards,  including SOC 1/SSAE 16/ISAE 3402 • SOC 2 • SOC 3 • FISMA, DIACAP, and FedRAMP • DOD CSM Levels 1-5 • PCI DSS Level 1 • ISO 9001 / ISO 27001 • ITAR • FIPS 140-2 • MTCS Level 3.

 

In addition, Luxa backend is security-hardened by:

  • Using the least privilege principle for limiting internal communication between its hosts

  • Closing all unused ports (including SSH) with AWS’s built-in firewall

  • Only allowing HTTPS communication with AWS’s most recommended TLS settings

  • Using best and modern practices for secure programming

Data Protection

We adhere to the highest data protection standards, ensuring that customer data is processed with utmost confidentiality. Luxa is committed to transparency in data handling, adhering to GDPR and other privacy regulations to protect user information. 

All data sent to or from Luxa is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs‘ tests. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Luxa is hosted by AWS and stores customer data using a combination of databases. By default, AWS provides durable infrastructure to store important data and is designed for the durability of 99.9% of objects. Automated backups of all customer and system data are enabled, and data is backed up daily at a minimum. The backups are encrypted in the same way as live production data and are monitored and alerted.

Account data is gated at the application layer. Account data is not physically segregated at the database or storage layers.

Customers can delete all their data by sending an email to security@krisp.ai. Customers can request all their data by sending an email to security@krisp.ai. Once a user account is deleted, all associated data (account settings, etc.) are removed from Luxa systems. This action is irreversible. 

Regular Security Updates

Our team regularly updates Luxa's security measures, incorporating the latest advancements to protect against emerging threats. We conduct periodic audits and vulnerability scans to maintain a robust security posture. Our software infrastructure is updated regularly with the latest security patches. Our products run on AWS networking infrastructure, which enables firewall and application security. 

Billing information 

We use Stripe to process your billing information. Card information is transmitted, stored, and processed securely on Stripe's PCI-Compliant network.

SOC-2 Type II Compliance 

To demonstrate our commitment to strong security and privacy practices to our customers, business partners, and other stakeholders, Luxa started a process to obtain SOC-2 Type II certification which is a widely recognized auditing standard developed by the American Institute of CPAs (AICPA) that focuses on the evaluation of a service organization’s controls over security, availability, processing integrity, confidentiality, and privacy., Luxa started a process to obtain SOC-2 Type II certification which is planned to be completed within the next few months. 

Access Control and Identity Management

Strict access controls limit data access to authorized personnel only, ensuring that your information remains secure. Luxa employs multi-factor authentication and detailed access logs to enhance security further.

Incident Response

Luxa has a comprehensive incident response plan to swiftly address potential security threats. Our proactive monitoring and alerting system ensures that any unusual activity is quickly identified and mitigated.

Customer Control and Transparency

We empower our users with tools to control their data within Luxa, providing clear visibility into how data is collected, used, and stored. Our privacy policy outlines these practices in detail, ensuring you're informed and in control.

This structured approach, emphasizing security, privacy, and user control, reflects Luxa's dedication to providing a safe and reliable AI solution for extracting product insights from customer calls.

Mandatory security training

All members of our team go through mandatory Security 101 training for increased security awareness during their onboarding and orientation and at regular intervals during their employment. 

Contact

If you have any questions about this document please contact us at security@krisp.ai

bottom of page