SOC 2 Type II · GDPR Compliant · HIPAA Available

Your data is safe with us

Security isn't a feature — it's the foundation. Every part of Ludex is built with security as a core requirement, not an afterthought.

🛡️

SOC 2 Type II

Independently audited annually for security, availability, and confidentiality. Report available to Enterprise customers under NDA.

🔐

End-to-end encryption

AES-256 encryption at rest. TLS 1.3 in transit. All database connections use encrypted tunnels.

🌍

GDPR & CCPA

Full GDPR compliance with DPA available. CCPA-ready. EU data residency option for Enterprise customers.

Infrastructure security

Our infrastructure runs on AWS with multi-region redundancy. All servers are in private VPCs with no direct public internet access. We use infrastructure-as-code for all deployments to ensure consistency and auditability.

  • AWS SOC 2 certified infrastructure
  • Private VPC with no public-facing compute
  • Automated vulnerability scanning on every deploy
  • 24/7 security monitoring and intrusion detection
  • Annual penetration testing by an independent firm
  • Bug bounty program via HackerOne
🔒

Access controls

Granular role-based access control lets you define exactly who can see what. SSO integration means your company's access policies apply to Ludex automatically.

  • Role-based access control (RBAC) for all resources
  • SSO via SAML 2.0 and OAuth 2.0
  • SCIM provisioning for automatic user lifecycle management
  • Row-level security for multi-tenant data isolation
  • IP allowlisting for additional access restriction
  • MFA enforcement across all user accounts
👤

Data privacy

We believe your data is yours, not ours. We never sell, share, or use your data for any purpose other than providing the Ludex service to you.

  • We never sell or share your data with third parties
  • Your data is never used to train AI models
  • Support team access requires explicit written authorization
  • All access is logged and auditable
  • Data deletion on request (right to erasure)
  • Data processing agreements available for GDPR compliance
🔮

Certifications & compliance

  • SOC 2 Type II: Annual independent audit
  • 🇪🇺 GDPR: DPA available
  • 🏥 HIPAA: BAA for Enterprise
  • 🇺🇸 CCPA: California Privacy

Report a security vulnerability

We take security reports seriously. Please send vulnerability reports to security@ludex.cc with a description of the issue. We commit to a 24-hour acknowledgement and will work with you on responsible disclosure. We participate in the HackerOne bug bounty program.