Lussent Trust Center

At Lussent, security, privacy, and compliance are built into every layer of our platform – from infrastructure and AI models to workflows and day-to-day operations. This Trust Center explains how we protect your data and earn your trust.

Compliance & certifications
Lussent is designed to operate in highly regulated environments, including PCI-compliant segments, with a roadmap that covers the standards most relevant to financial services and enterprise customers.
Compliance
  • ISO 27001:2022
  • ISO/IEC 42001:2023
  • SOC 2
  • GDPR
  • PCI DSS – SAQ D, Merchant
  • ISO/IEC 27799

PCI note: cardholder data can be processed within a customer's PCI DSS–scoped environment. Lussent is compatible with PCI DSS SAQ D merchant requirements and can be deployed so that PAN and sensitive authentication data remain tokenized or isolated according to your PCI segmentation.

How Lussent protects your data
A high-level view across compliance, security controls, privacy practices and how they map to PCI, ISO and SOC requirements.

Compliance

Roadmap & alignment
  • Controls aligned with SOC 2 and ISO 27001 domains (access, change management, logging, availability).
  • Data Processing Addendum (DPA) and GDPR-compliant terms for EU and global customers.
  • PCI-aware architecture with support for tokenized card data and segmentation for SAQ D merchant environments.

Infrastructure & product security

Always-on
  • Encryption in transit (TLS 1.2+) and at rest; keys managed via hardened key-management systems.
  • Least-privilege access, SSO, and role-based permissions with periodic access reviews.
  • Segregated environments for staging/production and PCI-scoped workloads where required.

Privacy & responsible AI

By design
  • Customer data is not used to train foundation models by default; PCI data flows are strictly scoped.
  • Clear data retention controls and documented incident response, including PCI-specific runbooks where applicable.
  • Human-in-the-loop workflows for high-risk and payment-related automations.

Encryption

TLS in transit and strong disk-level encryption at rest. Secrets and keys managed via secure key-management systems.

Access

SSO, multi-factor authentication, just-enough access and regular access reviews for production and PCI segments.

Monitoring

Centralized logging, alerting, and 24/7 monitoring of core infrastructure and critical payment-related automations.