Lettuce
The Lettuce Guarantee
Your Lettuce monthly subscription comes with our Lettuce-Back Guarantee. Lettuce stands behind our work or you get your money back. Your Lettuce...
Lettuce cares about your data security.
At Lettuce, safeguarding your data is our top priority. We are dedicated to maintaining the highest standards of privacy and security. Lettuce takes rigorous measures to protect your personal and financial details, ensuring they remain confidential and secure. Whether it's through the use of advanced encryption techniques or strict compliance with regulatory standards, we're committed to keeping your data safe.
Security Trust Assurance & Risk (STAR)
As a Star Level 1 Security certified platform, Lettuce has successfully demonstrated its security controls, ensuring the foundational cybersecurity practices are robustly in place. This certification underscores Lettuce's commitment to safeguarding customers data with industry-standard security measures.
Data Security
- Data Encryption: Leveraging advanced encryption protocols, all data transferred between your browser and Lettuce's servers is secured using TLS v1.2 for data in transit. For data at rest, we employ AES-256 key encryption, ensuring your information is protected at all times.
- Data Center Security: Lettuce's infrastructure is hosted on Amazon Web Services (AWS), a leading provider known for its robust security and reliability. Our setup spans multiple regions, primarily running on AWS region US-West-2 (Oregon) with backups in US-East-1 (Virginia), offering resilience and high availability.
- Data Availability: Regular backups of Lettuce's production systems and data are conducted, with strict verification processes to ensure data integrity. Our backup strategies are periodically tested to guarantee recoverability.
Application Security
- Development Security: Access to Lettuce's systems is strictly controlled, adhering to the principle of least privilege. Every change to Lettuce's application undergoes peer review and testing before deployment, maintaining high security standards.
- Vulnerability Management: To identify and mitigate potential vulnerabilities, Lettuce engages third-party services for penetration testing and employs continuous scanning tools for our applications and infrastructure. Lettuce's code repositories are also regularly scanned for security issues using static code analysis.
Product Security
- Authentication: Lettuce supports Multi-Factor Authentication (MFA), allowing users to add an extra layer of security to their accounts by enabling two-step verification, reducing the risk of unauthorized access.
- Fraud Monitoring: Lettuce proactively monitors for fraudulent activities within customer accounts to help prevent unauthorized transactions, ensuring the security of your financial operations.
People Security
- Security Awareness: Lettuce's dedicated security team is committed to fostering a culture of security awareness throughout the organization, ensuring that all employees are trained on the latest security practices and threats.
- Background Checks: Lettuce conducts thorough background checks on all potential hires, reinforcing our commitment to maintaining a secure and trustworthy team.