<img src="https://secure.insight-52.com/793973.png" style="display:none;">
Skip to content

Chime is now Lofty! Click here to Learn More

Security & Compliance

Lofty takes security and compliance seriously. We work with industry pioneers to ensure that your data is protected 24/7.
& Application Security
Our products are built around industry-leading best practices for data privacy and information security. Our services are hosted on AWS, a leading cloud infrastructure provider. The AWS Security Platform provides industry-leading security capabilities and services such as network firewalls, encryption in transit with TLS across all services, DDoS mitigation capabilities, data encryption, monitoring/logging, identity management/access controls, and third-party penetration testing.
Data Encryption
We protect you from external threats. Lofty secures your business applications through standardized security measures including Web Application Firewalls, Distributed Denial of Service (DDoS) Protections, Vulnerability Scanning, and Third-Party Penetration Testing.
Monitoring and Incident Response
Your data is protected 24/7. Lofty has an intact alert system which allows us to monitor for malicious activity, handle security incidents, and support operational processes. We try our best to prevent, detect, and respond to threats.
We ensure Lofty employees are well-trained in security. Security awareness training is provided to all employees upon hire and an ongoing annual basis. Lofty uses the principle of least privilege (PoLP) to ensure a user is given the minimum levels of access necessary. We regularly conduct internal audits to ensure PoLP compliance.

Compliance & Certifications

Lofty follows strict international standards and regulations to keep your data safe

ISO 27001 Certification

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers, and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touchpoint audits (surveillance audits).

ISO 27701 Certification

ISO 27701 is the international standard for privacy information management. Two main objectives of ISO 27701 are to protect private information assets and to demonstrate compliance with privacy and data protection regulations – regardless of location or industry.

SOC 2 Report

A SOC 2 report is a report that service organizations receive and share with stakeholders to demonstrate that general IT controls are in place to secure the service provided.
Need to report a vulnerability?
If you believe you have found a security vulnerability, please report it here .