Security at LowerPlane

We practice what we preach. LowerPlane is built on enterprise-grade security controls.

  • SOC 2 Type 2: Certified since 2024
  • ISO 27001: Certified since 2024
  • GDPR: Compliant since 2024

Security Controls

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Field-level encryption for sensitive data
  • Customer-managed encryption keys (CMEK)

Access Control

  • Multi-factor authentication (MFA) required
  • Role-based access control (RBAC)
  • Least privilege principle
  • Session timeout and automatic logout

Infrastructure Security

  • AWS/GCP infrastructure with isolated tenancy
  • Network segmentation and VPCs
  • DDoS protection via Cloudflare
  • Web application firewall (WAF)

Monitoring & Response

  • Real-time security monitoring (SIEM)
  • 24/7 incident response team
  • Automated threat detection
  • Quarterly penetration testing

Compliance & Auditing

  • Comprehensive audit logs (immutable)
  • Annual SOC 2 Type 2 audits
  • Third-party security assessments
  • Vulnerability scanning and patching

Data Residency

  • US, EU, and Asia-Pacific regions available
  • Customer data never leaves selected region
  • GDPR-compliant data processing
  • Data Processing Agreements (DPAs) available

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

Email: security@lowerplane.com

Include detailed steps to reproduce, potential impact, and any proof-of-concept code.

Our Commitment

  • Response within 24 hours
  • Regular updates on remediation progress
  • Recognition in our security acknowledgments
  • Bug bounty rewards for qualifying vulnerabilities

Want to see our security reports?

Request our SOC 2 Type 2 report and security documentation