Security

People ask us legal questions. That data is personal. We take protecting it seriously. This page explains the specific measures we use.

All data in transit between your device and our servers is encrypted with TLS 1.2 or higher. Data at rest uses AES-256 encryption. These are the same standards used by banks and major cloud providers.

User data access is limited to the team members who need it. All internal systems require multi-factor authentication. We follow the principle of least privilege — no one gets more access than their role requires.

We conduct regular internal and external security audits and vulnerability assessments to identify and remediate potential weaknesses in our systems. Our security team continuously monitors our infrastructure for suspicious activity and potential threats, employing automated tools and manual reviews.

Security is integrated into every stage of our software development lifecycle. Our developers undergo regular training in secure coding practices. We perform static and dynamic code analysis, as well as peer reviews, to identify and fix security vulnerabilities before code is deployed to production environments.

We maintain a robust data backup and disaster recovery strategy. We perform regular, encrypted backups of your data to ensure that it can be restored in the event of a technical failure or disaster. Our backup and recovery procedures are regularly tested to verify their effectiveness and minimize downtime.

We have a dedicated incident response team and a comprehensive incident response plan in place. In the event of a security incident, we are prepared to detect, analyze, contain, eradicate, and recover from the threat. We are committed to transparent communication and will notify affected users and regulatory bodies as required by law.

We carefully vet all third-party vendors and service providers to ensure they meet our stringent security standards. We require our vendors to sign data processing agreements (DPAs) that legally obligate them to protect your data and comply with applicable privacy regulations.

While we take extensive measures to protect your data, security is a shared responsibility. You are responsible for maintaining the confidentiality of your account credentials. We strongly recommend using a strong, unique password and enabling two-factor authentication (2FA) to add an extra layer of security to your account.

We value the contributions of the security research community. If you discover a potential security vulnerability in our services, please report it to our security team immediately at security@lexiber.com. We will investigate all reports and work with you to resolve any confirmed issues.