Security & Compliance

Your data security is our top priority

Our Security Commitment

At Lotshift, we understand that you're entrusting us with your most valuable business data. We take this responsibility seriously and have implemented comprehensive security measures to protect your information at every level of our platform.

Data Encryption

In Transit

  • TLS 1.3 encryption for all data transmission
  • HTTPS enforced across all connections
  • Perfect Forward Secrecy (PFS) enabled
  • Strong cipher suites and security protocols

At Rest

  • AES-256 encryption for stored data
  • Encrypted database backups
  • Secure key management system
  • Regular encryption key rotation

Infrastructure Security

  • Cloud Infrastructure: Enterprise-grade hosting with AWS/GCP
  • Network Security: Firewalls, DDoS protection, and intrusion detection
  • Access Control: Multi-factor authentication and role-based access
  • Monitoring: 24/7 security monitoring and incident response
  • Redundancy: Geographically distributed servers and automatic failover
  • Isolation: Customer data isolation and tenant separation

Application Security

  • Secure Development: OWASP Top 10 compliance and secure coding practices
  • Code Review: Mandatory peer review and automated security scanning
  • Penetration Testing: Regular third-party security audits
  • Vulnerability Management: Rapid patching and update procedures
  • API Security: Rate limiting, authentication, and input validation
  • Session Management: Secure session handling and timeout policies

Data Protection

Backup and Recovery

  • Automated daily backups with encryption
  • Multi-region backup replication
  • Point-in-time recovery capabilities
  • Regular disaster recovery testing

Data Residency

  • Option to choose data storage location
  • Compliance with regional data protection laws
  • No cross-border data transfers without consent

Compliance & Certifications

  • GDPR: EU data protection compliance
  • CCPA: California privacy law compliance

Access Management

  • Authentication: Multi-factor authentication (MFA) support
  • Single Sign-On: SAML 2.0 and OAuth 2.0 integration
  • Password Policies: Strong password requirements and expiration
  • Role-Based Access: Granular permission controls
  • Audit Logs: Comprehensive activity logging and monitoring
  • Session Security: Automatic timeout and secure token management

Employee Security

  • Background checks for all employees
  • Regular security training and awareness programs
  • Strict confidentiality agreements and NDAs
  • Principle of least privilege access
  • Secure onboarding and offboarding procedures

Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 security operations center (SOC)
  • Automated threat detection and alerting
  • Defined escalation procedures
  • Rapid containment and remediation processes
  • Transparent communication with affected customers
  • Post-incident analysis and improvement

Responsible Disclosure

We welcome reports from security researchers. If you discover a security vulnerability:

  • Email us at security@lotshift.com
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue
  • We commit to acknowledging reports within 24 hours

We do not take legal action against researchers who report vulnerabilities responsibly.

Security Documentation

For enterprise customers, we provide:

  • Detailed security white papers
  • Penetration test summaries
  • Custom security questionnaire responses
  • Compliance documentation

Contact security@lotshift.com for more information.

Contact Our Security Team

For security-related inquiries:

  • Email: kabrewst@outlook.com
  • Phone: +1 (506) 304-5184
  • Address: Lotshift Inc., Fredericton, NB E3B 1E5