Security at Lattify
Your training content is your intellectual property. We built Lattify with five layers of security so your data stays yours.
1. Identity and authentication
Every user is verified through Auth0 and tied to your organisation at login. Their identity token is stamped with their org ID, roles, and permissions. There is no way to accidentally - or deliberately - access another company's space.
2. Request verification
Every API request is checked before it reaches your data. We verify who you are, which organisation you belong to, and whether you're allowed to do what you're asking. Admin actions require a second layer of verification on top.
3. Tenant isolation
This is the most important layer. Your data lives in completely separate database tables and storage buckets from every other customer. There is no shared container where a bug could leak data between organisations. Each tenant's infrastructure is provisioned independently.
4. Row-level security
For relational data, the database itself enforces access rules. Staff can only see data from their own organisation. Managers can edit within their org. Even if someone bypassed the application layer, the database would still refuse to show them data that isn't theirs.
5. Infrastructure
Our backend runs inside private networks that are not accessible from the public internet. All credentials are encrypted and managed by AWS's enterprise-grade secrets service. Every infrastructure change is tracked in version control, auditable, and reproducible.
Additional protections
- Full audit trail - every state change is logged with who, what, and when
- Point-in-time recovery - data can be restored to any second in the past
- Atomic provisioning - new customer setup is all-or-nothing, no half-created accounts
- Encryption at rest and in transit - all data is encrypted using industry-standard protocols
The short version
Your data is isolated at every layer - separate databases, separate storage, separate access policies - with encryption at rest and in transit, and a full audit trail of every action.
Questions about security? Contact us at hello@lattify.co.