Crafted for your security
Last updated: 20th October, 2023
Customer trust and data security are central to everything we do at Light. From the way we build products, to the way we think about our customers' data.
Find out how we keep your data secure here.
Upholding industry-leading security standards
SOC 2 Type II
Light is SOC 2 Type II compliant, meaning that the way we process and store client data is secure and protected, based on standards set by the AICPA.
All Light servers are ISO-certified. Additionally, back-ups are filled in different locations to enhance security and data resilience.
We secure our codebase and have SSL encryption further protect your data against a broad range of attacks to ensure the safety of your information.
By using state-of-the-art authentication technology, we offer multi-factor authentication and role-based permissions out-of-the-box.
Best practices for developing secure software
Light is built by a team of engineers with deep experience in building banking-grade security at Pleo, and we are committed to having Light as a data company to apply the same high standards.
This goes across Light's operations, product, and development of which we have built with staging and production environments, encrypted credentials separated from code, and “infrastructure-as-code” that eases auditing and permits fine-grained access to cloud resources.
In addition, we always use 2-factor authentication and secure password generators internally.
Compliant with GDPR (& CCPA)
Light is designed to not store any personal identifiable information during data synchronisation. We recognise that it’s important to be compliant with modern data privacy practices, and we have no interest in neither data storing or data profiling, as we exist to move data - not store data.
Please see a link to our Privacy Page.
Data encrypted in transit & at rest
Light uses recent SSL and TLS versions for all connections between systems.
From your browser to the Light application, from our servers to your ERP system or SaaS application, as well as internally between our own services and databases. Our own core backend application is located in our HIPAA-compliant AWS deployment.
Our authentication system, also fully encrypted, is handled by the enterprise-grade solution Auth0. Built on top of the world’s most secure cloud infrastructure, Light is running on top of Amazon Web Services (AWS). We host our servers in the European Union and only work with cloud providers whose data centers are SOC 2 and ISO 27001 certified.
These cloud providers guarantee a best-in-class state of the physical and network security of Light’s servers and help us ensure that our server software is always up to date and protected from any newly-discovered threats.
Use the least privileges needed for handling data
Light does not require super-user access to your finance data, and will request the fewest OAuth scopes needed to your SaaS applications in order to provide the Light solution. The secrets we store with enterprise-grade AWS Secrets Manager which is both PCI and SOC 2 compliant.
You can find more information on our Privacy Page.
This security page will be updated and modified periodically, as well as when necessary due to changes in applicable data protection legislation and practice and, thus, Light recommends that you keep yourself updated of such changes.