Security Overview
LH42 is built with enterprise security requirements in mind.
Data Protection
Encryption at Rest
All data is encrypted using AES-256 encryption.
Encryption in Transit
All API communications use TLS 1.3.
Data Isolation
Each organization's data is logically isolated at the storage level.
Authentication
- API Keys: Scoped access tokens for programmatic access
- OAuth 2.0: For applications acting on behalf of users
- SSO/SAML: Enterprise single sign-on integration
Access Control
Role-based access control (RBAC) with predefined roles:
| Role | Permissions |
|---|---|
| Viewer | Read-only access |
| Editor | Read + Write |
| Admin | Full access + user management |
| Owner | All permissions + billing |
Compliance
LH42 maintains compliance with:
- SOC 2 Type II - Security, availability, confidentiality
- GDPR - EU data protection
- HIPAA - Healthcare data (Enterprise plan)
- ISO 27001 - Information security management
Security Features
IP Allowlisting
Restrict API access to specific IP ranges:
```python
# `client` is an initialized LH42 SDK client (its construction is not shown on this page).
client.settings.update({
    "ip_allowlist": ["192.168.1.0/24", "10.0.0.0/8"]
})
```
Audit Logging
All API calls are logged with:
- Timestamp
- User/API key
- Action performed
- Resource affected
- IP address
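As an added example (not LH42's own code) tying the IP Allowlisting and Audit Logging sections together: a request gate that validates an `ip_allowlist` in the format shown above, checks the caller's source address against it (including IPv4-mapped IPv6 addresses as presented by dual-stack proxies), and appends one audit record per call carrying the fields listed. The SDK `client` is not used; the action and resource names are assumed.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed allowlist, matching the ip_allowlist setting shown on this page.
ALLOWLIST = ["192.168.1.0/24", "10.0.0.0/8"]

def parse_allowlist(entries):
    """Parse CIDR strings, rejecting malformed entries (host bits set) and
    catch-all ranges that would silently disable the allowlist."""
    networks = []
    for entry in entries:
        net = ipaddress.ip_network(entry)  # strict: raises ValueError on host bits
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all allowlist entry: {entry}")
        networks.append(net)
    return networks

def normalize_ip(raw):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d), which
    dual-stack proxies often present, so it can match IPv4 allowlist entries."""
    addr = ipaddress.ip_address(raw)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_allowed(raw_ip, networks):
    try:
        addr = normalize_ip(raw_ip)
    except ValueError:
        return False  # an unparseable source address is never allowed
    return any(addr in net for net in networks)

def gate_request(api_key_id, action, resource, raw_ip, networks, audit_log):
    """Enforce the allowlist and record the fields the page lists for audit
    logging (timestamp, user/API key, action, resource, IP) plus the outcome."""
    allowed = is_allowed(raw_ip, networks)
    audit_log.append({
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "actor": api_key_id,
        "action": action,
        "resource": resource,
        "ip": raw_ip,
        "outcome": "allowed" if allowed else "denied_ip_allowlist",
    })
    return allowed

if __name__ == "__main__":  # constructed requests; action/resource names are hypothetical
    nets, log = parse_allowlist(ALLOWLIST), []
    for ip in ["192.168.1.42", "::ffff:10.20.30.40", "203.0.113.7", "not-an-ip"]:
        gate_request("key_123", "datasets.read", "dataset/orders", ip, nets, log)
    print(*log, sep="\n")
```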
Key Rotation
Regular API key rotation is recommended:
```python
# `client` is an initialized LH42 SDK client. Rotates the key with id "key_123";
# new_key holds the replacement key to distribute to callers.
new_key = client.api_keys.rotate("key_123")
```
Reporting Vulnerabilities
Report security issues to security@lakehouse42.com.