Our commitment to transparency, security, and user control in how we handle data and privacy.Highlights
- Live visibility: Third-party security posture via SecurityScorecard
- Privacy by design: Minimal data usage, contextual consent, and full user visibility
- Audit-ready infrastructure: SOC 2 readiness, ongoing monitoring via Vanta, and vetted subprocessors
Overview
Below you’ll find a breakdown of our data and privacy commitments — covering security, access, usage, and AI governance.
1. SecurityScorecard & External Monitoring
1. SecurityScorecard & External Monitoring
What it is: A continuously updated, third-party rating system that tracks DNS health, app vulnerabilities, and patch cadence.Why it matters: Customers can independently see our security posture and hold us accountable.Live Rating: View Landbase.com’s Scorecard
2. Privacy by Design
2. Privacy by Design
- Collect the minimum data required for functionality
- You retain ownership and visibility of all data
- Proprietary data is never used to train AI without explicit opt-in
- Region-specific controls for GDPR, CCPA, and other frameworks
3. Data Handling & Infrastructure
3. Data Handling & Infrastructure
- Encryption: TLS 1.2+ and AES-256 at rest and in transit
- Storage: Trusted cloud vendors with industry-leading standards
- Access controls: Role-based and minimal access for staff
- Deletion: Strict data removal timelines; customer-initiated deletion supported
4. AI System Governance
4. AI System Governance
- Context isolation: GTM-1 Omni and other agents operate with scoped permissions
- Transparency: AI usage is always disclosed in-product
- Reviewability: All AI actions logged and overridable
- Responsible AI: Guided by internal policies and a cross-functional review process
5. Audits & Compliance
5. Audits & Compliance
- Vanta-managed compliance programs
- SOC 2 Type II certification in progress
- Annual risk assessments with third-party tools
- Vendor management: Quarterly reviews and signed DPAs for subprocessors