Security Practices

Security is not optional

Built into every layer of the platform, from infrastructure to AI.

SOC 2 Type II
AES-256 Encryption
TLS 1.3 in Transit
99.9% Uptime

Infrastructure

  • Application hosted on Vercel with global edge network and CDN
  • Database hosted on Supabase (PostgreSQL) with automated backups
  • Row-level security (RLS) policies enforce tenant data isolation
  • All infrastructure runs in SOC 2 and ISO 27001 certified data centers
  • Geographic redundancy for high availability

Encryption

  • TLS 1.3 enforced for all data in transit
  • AES-256 encryption for all data at rest
  • Database backups encrypted
  • Agent-to-server communication encrypted in transit over TLS 1.3
  • Secrets management via environment variables, never committed to code

Access Control

  • Role-based access control (admin and member roles)
  • Supabase Row Level Security (RLS) ensures organizations can only access their own data
  • API key authentication for device agents
  • Secure session management with SameSite and Secure cookie flags
  • CSRF protection via SameSite cookies and origin validation
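The tenant isolation described under Infrastructure and Access Control above, as an added example that is not SentryNode's own schema or policies: a minimal Supabase/PostgreSQL row-level-security setup that ties row visibility to organization membership, using the admin and member roles the page names. The tables organizations, organization_members and devices, the helper is_org_member, and the user id in the final check are assumptions made for illustration; auth.uid() is Supabase's standard helper that returns the sub claim of the calling JWT.

```sql
-- Added example, not SentryNode's code. Assumes Supabase's auth.uid() and the
-- hypothetical tables organizations, organization_members and devices.

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table organization_members (
  org_id  uuid not null references organizations(id) on delete cascade,
  user_id uuid not null,                       -- auth.users.id, i.e. JWT sub
  role    text not null check (role in ('admin', 'member')),
  primary key (org_id, user_id)
);

create table devices (
  id       uuid primary key default gen_random_uuid(),
  org_id   uuid not null references organizations(id) on delete cascade,
  hostname text not null
);

-- Membership test evaluated against the caller's JWT. SECURITY DEFINER lets
-- it read organization_members without that table's policies recursing into
-- it; search_path is pinned so a same-named object elsewhere cannot hijack it.
create or replace function is_org_member(target_org uuid, min_role text default 'member')
returns boolean
language sql
security definer
set search_path = public
stable
as $$
  select exists (
    select 1
    from organization_members m
    where m.org_id  = target_org
      and m.user_id = auth.uid()
      and (min_role = 'member' or m.role = 'admin')
  );
$$;

-- With RLS enabled and no policies, every query returns nothing: deny by
-- default. FORCE applies the policies to the table owner as well. The Supabase
-- service_role key still bypasses RLS, so it must never leave the server.
alter table devices enable row level security;
alter table devices force row level security;

-- Reads: any member of the device's organization.
create policy devices_select on devices
  for select to authenticated
  using (is_org_member(org_id));

-- Writes: admins only. WITH CHECK is what stops an admin of org A inserting a
-- row tagged with org B, or moving an existing row into an org they do not
-- administer; USING alone only filters the rows they can see.
create policy devices_insert on devices
  for insert to authenticated
  with check (is_org_member(org_id, 'admin'));

create policy devices_update on devices
  for update to authenticated
  using (is_org_member(org_id, 'admin'))
  with check (is_org_member(org_id, 'admin'));

create policy devices_delete on devices
  for delete to authenticated
  using (is_org_member(org_id, 'admin'));

-- Verification from psql: impersonate one user and confirm that rows from
-- other organizations disappear. The uuid is a placeholder; substitute a real
-- auth.users.id that belongs to exactly one organization.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
  '{"sub":"00000000-0000-0000-0000-000000000001","role":"authenticated"}', true);
select id, org_id, hostname from devices;   -- only that organization's devices
rollback;
```

Two points practitioners most often miss: a SELECT-only policy leaves INSERT, UPDATE and DELETE denied, which is usually the intended default but surprises application code; and the organization id must come from the membership table joined on auth.uid(), never from a client-supplied header or request body, otherwise the policy is only as strong as the client's honesty.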

Monitoring & Logging

  • Sentry integration for real-time error tracking and performance monitoring
  • Audit logging for sensitive operations (employee lifecycle changes, device commands, security actions)
  • Automated alerting for anomalous activity
  • Dashboard metrics for system health and uptime

Compliance

  • SOC 2 Type II certified
  • Built-in compliance dashboard with scoring across 5 categories: access control, encryption, monitoring, incident response, asset management
  • Cloud security audit capabilities for AWS, GCP, and Azure environments
  • GDPR compliant with data deletion, export, and consent management
  • Regular third-party security assessments

Incident Response

  • Defined incident response procedures with severity classification
  • Automated alerting for potential security incidents
  • LEX AI assists with security finding analysis and remediation guidance
  • Transparent communication with affected customers
  • Post-incident reviews to prevent recurrence

How LEX AI Handles Your Data

  • LEX AI is powered by Anthropic's Claude API (Sonnet 4.6 and Haiku 4.5)
  • Customer data is sent to the API for real-time inference ONLY
  • Anthropic does NOT use customer data to train their models
  • We practice data minimization — only relevant context is included in AI requests
  • AI responses are not stored by Anthropic after processing
  • All AI communication is encrypted in transit via TLS 1.3

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a vulnerability, please report it responsibly.

Email: hello@sentrynode.ai with subject line "Security Vulnerability"

We will acknowledge receipt within 24 hours and provide a timeline for resolution.

We do not pursue legal action against researchers who follow responsible disclosure practices.

Questions about our security practices?

Contact Us