Security at Lightyear
Lightyear is ISO/IEC 27001:2023 certified which is globally recognised as the premier information security management system (ISMS) standard.
We take customer data and security very seriously. We have a robust security management program which is regularly reviewed and tested.
Lightyear complies with all GDPR requirements.
The following section provides answers to FAQ's in relation to our Security and Compliance procedures. Please note that further information is available upon request but is not published to protect Lightyear's System security.
Do you have an Information Security Management System (ISMS)?
Yes, we have a full ISMS, including Incidence Response, Disaster Recovery and Business Continuity Plans. Our ISMS includes over thirty policies covering various aspects of our operation.
Where is my data stored?
As per Lightyear Terms of Service, Lightyear stores your data on Amazon Web Services cloud servers, based on the location that Lightyear considers will give you the most efficient access to it. Localised data servers are available upon request at a chargeable fee. Speak to the team to find out more.
Who can access my data?
You control who can access your data. Lightyear staff are unable to access your data unless you invite staff access to your Lightyear account. Please see our privacy policy for more details. Lightyear operates on the principle of least privilege for all our systems and data.
Data Encryption
We encrypt all data that goes between you and Lightyear using industry-standard TLS (Transport Layer Security), protecting your personal and financial data. Your data is also encrypted when it is stored on our servers and encrypted when we transfer it between data centres for backup and replication. All data stored and transmitted through Amazon Web Services (AWS) uses Advanced Encryption Standard (AES) 256, a block cipher. The AES is the only publicly accessible cipher approved by the US National Security Agency (NSA) for protecting Top Secret information.
Disaster Recovery - Is my data backed up?
Backups are performed automatically on a daily schedule managed by the AWS Relational Database Service. The daily backups are encrypted and replicated to a separate AWS region. In addition, the database has a live failover instance in a separate AWS availability zone.
User Authentication
Lightyear operates a strict password policy and 2-Factor Authentication requirements can be enabled on a company level setting. Password security is maintained through minimum passwords lengths using a mixture of upper, lower-case letters, numbers and characters and automatic lockout on repeated login failures.
Network Protection
Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Lightyear's security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
What is your uptime?
Lightyear uses commercially reasonable efforts to make the Included Services available with a Monthly Uptime Percentage of 99%, during any monthly billing cycle.
We deploy code updates without taking the application offline due to our distributed architecture. We may on occasion need to take the application offline and will give advance notice when planned.
Financial Security
Lightyear does not store any payments data. Our market-leading payments processor, Stripe, securely stores your payments information.
How do I contact you regards Data Protection?
You can contact our data protection officer at infosec@lightyearap.com
