Security at Lathe Studio
We built Lathe Studio with security as a core feature, not an afterthought. Here's how we protect your data.
Data Protection
All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Test case data, execution results, and integration credentials never leave secure infrastructure.
Access Controls
Row Level Security (RLS) policies in PostgreSQL ensure users can only access data within their organization. Role-based permissions separate leads (admin access) from testers (execution-only).
Authentication
We use Clerk for authentication, which maintains SOC 2 Type II compliance. Multi-factor authentication is available, and sessions are managed with automatic timeout.
Infrastructure
Our infrastructure is built on enterprise-grade platforms with redundancy, monitoring, and automated failover.
Security Highlights
- AES-256 encryption at rest
- TLS 1.3 for all data in transit
- Row Level Security (RLS) enforced
- SOC 2 Type II compliant auth
- Daily automated backups
Integrations
Jira, Slack, Teams, and CI/CD credentials are encrypted using AES-256-GCM with keys stored separately from application data. We never store integration passwords in plaintext.
Compliance
- GDPR and CCPA compliant
- Data processing agreements available on request
- SOC 2 Type I audit planned Q3 2026
Report a Vulnerability
Found a vulnerability? Contact us immediately. We respond to all reports within 24 hours and maintain a disclosure policy for responsible security research.
security@lathe.studio