{"id":57,"date":"2026-03-28T11:18:00","date_gmt":"2026-03-28T11:18:00","guid":{"rendered":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/security-and-compliance\/"},"modified":"2026-03-28T11:18:00","modified_gmt":"2026-03-28T11:18:00","slug":"security-and-compliance","status":"publish","type":"post","link":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/security-and-compliance\/","title":{"rendered":"Security and compliance"},"content":{"rendered":"<p class=\"has-large-font-size\">Lattica is built for teams that handle real work. This page covers what we do to keep your data safe and which compliance frameworks we operate under.<\/p>\n<h2>Certifications and reports<\/h2>\n<ul>\n<li><strong>SOC 2 Type II<\/strong> \u2014 annual audit by an independent CPA firm. Report available under NDA from your account manager (Business and Enterprise).<\/li>\n<li><strong>ISO 27001<\/strong> \u2014 certified, audited annually.<\/li>\n<li><strong>GDPR<\/strong> \u2014 EU data subjects&#8217; rights fully supported. DPA available on request.<\/li>\n<li><strong>CCPA<\/strong> \u2014 California Consumer Privacy Act compliance for US workspaces.<\/li>\n<li><strong>HIPAA<\/strong> \u2014 BAA available for Enterprise customers handling protected health information.<\/li>\n<\/ul>\n<h2>Encryption<\/h2>\n<ul>\n<li><strong>In transit<\/strong> \u2014 TLS 1.3 with modern ciphers; HSTS preload; older TLS versions disabled.<\/li>\n<li><strong>At rest<\/strong> \u2014 AES-256 for database storage and object storage. Keys managed in a dedicated KMS, rotated automatically every 90 days.<\/li>\n<li><strong>Backups<\/strong> \u2014 encrypted with separate keys, stored in a different region from production.<\/li>\n<\/ul>\n<h2>Data residency<\/h2>\n<p>Workspaces default to US data residency. Enterprise customers can choose EU (Frankfurt), Australia (Sydney), or Canada (Toronto). Once chosen, residency cannot be changed without a full export and re-import \u2014 pick deliberately.<\/p>\n<h2>Access control inside Lattica<\/h2>\n<ul>\n<li><strong>Role-based access<\/strong> \u2014 Member, Guest, Admin (see <a href=\"\/inviting-your-team\/\">Inviting your team<\/a>).<\/li>\n<li><strong>Project visibility<\/strong> \u2014 Private, Team, Workspace.<\/li>\n<li><strong>Audit log<\/strong> \u2014 every admin action and security-relevant event, retained for 1 year on Business, indefinitely on Enterprise.<\/li>\n<\/ul>\n<h2>Vulnerability disclosure<\/h2>\n<p>We run a private bug bounty program through HackerOne. Researchers can also email security@lattica.app with PGP-encrypted reports \u2014 our key is published at <code>lattica.app\/.well-known\/security.txt<\/code>. Critical issues get a same-day response; everything else within three business days.<\/p>\n<h2>Incident response<\/h2>\n<p>If we detect a security incident affecting customer data, we notify affected customers within 72 hours (or sooner where required). Status is published live at <code>status.lattica.app<\/code>. Post-incident, we publish a public RCA within 14 days for any incident with customer impact.<\/p>\n<h2>Penetration testing<\/h2>\n<p>External penetration tests run quarterly, by a different vendor each year. The most recent report (executive summary) is shareable under NDA.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SOC 2, ISO 27001, GDPR, encryption details, data residency options, and incident response process.<\/p>\n","protected":false},"author":0,"featured_media":58,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[72,74,39,60,73],"class_list":["post-57","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-billing-plans","tag-compliance","tag-encryption","tag-gdpr","tag-security","tag-soc2"],"_links":{"self":[{"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/posts\/57","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/comments?post=57"}],"version-history":[{"count":0,"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/posts\/57\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/media\/58"}],"wp:attachment":[{"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/media?parent=57"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/categories?post=57"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/demo.fasterthemes.com\/mywiki-wordpress-theme\/wp-json\/wp\/v2\/tags?post=57"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}