Security

Security and Trust Overview

Lakesis is designed for workflow automation in sensitive operational environments. We build around least privilege, secure integrations, and transparent data handling so customers can evaluate the service with the right expectations.

Security posture: Practical, least-privilege, integration-aware Security contact: [email protected]

1. Security Principles

  • Least privilege: we aim to request only the permissions required for the workflow being enabled.
  • Purpose limitation: information should be used only for the service requested by the customer.
  • Operational transparency: trust-related pages, documentation, and support channels remain publicly accessible.

2. Core Safeguards

Transport Protection

Public website and integration endpoints are intended to be served over HTTPS to protect data in transit.

Access Control

Administrative access to production systems should be limited to authorized personnel with a legitimate operational need.

Integration Review

Third-party integrations such as Zoom should be reviewed for scope, permission needs, and lifecycle management before release.

Logging and Investigation

Operational events and security-relevant activity may be logged to support troubleshooting, auditing, and incident response.

3. Data Handling Expectations

Lakesis is designed to process only the information required to operate the configured workflow. For the Zoom app use case, that typically means account connection details, booking context, and meeting metadata rather than meeting content itself.

We do not use customer data for unrelated purposes without notice, and we do not sell personal information.

4. Incident Response

When a suspected security event is reported or detected, we investigate, assess scope and impact, take appropriate containment steps, and coordinate follow-up communication as needed. Customers should report issues quickly to [email protected] and provide enough context to help triage.

5. Shared Responsibility

  • Lakesis is responsible for the security of the platform components we operate.
  • Customers remain responsible for their own endpoint security, user access approvals, data governance, and the lawful use of connected services.
  • Admins should promptly revoke unused integrations and review workflow permissions on a regular basis.