Security & Trust

Your data is your competitive advantage. We treat it that way.

Our Security Promise

Private equity and venture capital firms trust us with their most sensitive data—portfolio company financials, fund performance, LP information. We take that responsibility seriously.

Built Secure from Day One

Bank-Level Encryption

AES-256 encryption at rest
TLS 1.3 encryption in transit
Encrypted backups
Key management separate from data storage

Zero-Trust Architecture

Multi-factor authentication (MFA) available
Role-based access controls (RBAC)
IP allowlisting (Enterprise plans)
Session management and automatic logout

SOC 2 Type II Certification

Audit scheduled for Q1 2026
Security controls implemented and operational
Built on SOC 2 certified infrastructure
Comprehensive security program in place

US-Based Infrastructure

Data stored via SOC 2 certified providers (Supabase, Railway)
US-based data centers (AWS/GCP infrastructure)
Global hosting available on request (Enterprise plans)
GDPR and CCPA compliant

AI That Doesn't Learn From You

Zero-Retention AI Processing

Your documents are never used to train AI models.

We use OpenAI with commercial zero-retention processing:

Your data is processed in real-time
Prompts are not retained beyond processing
Data is immediately discarded after processing
OpenAI does NOT train on your data
SOC 2 Type II certified AI provider

You Control Your Data

Download Anytime

Export all your data in standard formats (JSON, CSV, PDF) with one click.

Delete Anytime

Permanently delete your data from our systems. No questions asked.

Retention Control

Choose how long we keep your documents—from immediate deletion to manual control.

Our Infrastructure Partners

We don't build our own data centers or reinvent the wheel. Instead, we partner with best-in-class infrastructure providers who have proven track records securing sensitive data for thousands of companies.

Each partner was chosen for their SOC 2 Type II compliance, enterprise-grade security, and transparent security practices. When you trust us with your data, you're also benefiting from the security investments of some of the most scrutinized platforms in the industry.

Netlify

Hosting & Infrastructure

Status Page•Security

Railway

API Infrastructure

Status Page•Trust Center

Supabase

Database & Authentication

Status Page•Security

OpenAI

AI Processing

Status Page•Trust Center

Resend

Email Delivery

Status Page•Security

PostHog

Analytics

Status Page•Security

Compliance & Certifications

GDPR

COMPLIANT

CCPA

COMPLIANT

SOC 2 Type II (In Progress)

Security Policies & Documentation

We maintain comprehensive security, compliance, and operational policies. All policies are available for review upon request. They are updated at least annually.
Last Updated: January 1, 2026

AI/ML Governance

AI Bias & Fairness Assessment
AI Ethics & Responsible AI Policy
AI Model Version Control & Rollback Policy

AI/ML Model Governance Policy
Model Training Data Privacy Policy
LLM Security & Prompt Injection Prevention

Security Policies

API Security Policy
Cryptographic Standards Policy
Encryption Policy
Information Security Policy
Network Security Policy

Password Policy
Physical Security Policy
Secure Coding Standards Policy
System Access Control Policy
Vulnerability Management Policy

Data Governance

Data Anonymization & Pseudonymization Standards
Data Classification Policy
Data Deletion Policy
Data Lineage Documentation
Data Portability Policy

Data Processing Agreement (DPA)
Data Protection Policy
Data Residency & Localization Policy
Data Retention & Archival Policy
Portfolio Company Data Handling Policy

Compliance

Availability & Uptime Commitments
Breach Notification Policy
Business Associate Policy
Compliance Certifications Matrix

DORA Addendum
Export Control Compliance Statement
SEC Compliance Statement

Operational

Application Logging & Monitoring Policy
Asset Management Policy
Backup Policy
Business Continuity Plan
Change Management Policy

Customer Support Policy
Maintenance Windows Policy
Open Source Software Policy & Inventory
Software Development Lifecycle Policy
Vendor Management Policy

HR & Business

Acceptable Use Policy
Client Confidentiality & NDA Policy
Code of Conduct
Conflicts of Interest Policy

Insider Trading Prevention Policy
Onboarding & Offboarding Procedures
Remote Work Security Policy
Security Awareness Training Policy

Legal & Contractual

Investment Data Security Standards
IP Ownership & Licensing Terms
Privacy, Use, and Disclosure Policy
Responsible Disclosure Policy

Right to Audit Clause
Service Credits Policy
Subprocessor List

Incident & Risk

Disaster Recovery Plan
Human-in-the-Loop (HITL) Escalation Policy
Incident Response Plan

Mobile Device Management (MDM) Policy
Risk Assessment Policy
Scheduled Maintenance Notification Policy

Contact security@lingaai.com to request policy documentation.

Questions about security?

We're happy to discuss our security practices in detail. Contact us at security@lingaai.com