Security at Lano

The Protection of Your Data Comes First

Lano recognizes the importance of security measures in protecting our customers' sensitive data. We take several measures to ensure that your information is secure and protected from unauthorized access, data breaches, and other cyber threats, both externally and internally.

In order to guarantee optimal security we work with external auditors and data-protection specialists on our comprehensive security program on a regular basis. We’ve established procedures to regularly evaluate security risks, threats, and vulnerabilities for our users.

As a company, we follow a collaborative approach to guarantee the confidentiality, availability, and integrity of your data. On this page, you can read about the various policies and security measures taken by us to secure your data and content.

What is GDPR?

The General Data Protection Regulation or GDPR has been in force since 25 May 2018 and establishes a uniform legal framework for companies with regard to the processing of personal data of EU citizens. In essence, the GDPR aims to protect sensitive data and give individuals greater control over how their data is collected, processed, stored and disclosed.

All companies that collect or process personal data of EU citizens are obliged to prove the lawfulness of data storage and processing to customers, users or supervisory authorities upon request. Further information on the GDPR can be found on the websites of the European Union.

Your Data, Your Rights

Lano processes personal data on behalf of its customers. We always process data responsibly and endeavour to implement the wishes and requirements of our customers. It is therefore important for us at this point to inform you about your rights which you can exercise with regard to the use of your personal data.

Right to information

You can obtain information about your personal data processed by us at any time and free of charge. For this purpose we provide you with a file containing all data stored by us.

Right to correction

If the information concerning you is (no longer) accurate or incomplete, you may request that it be corrected or completed. In your Lano profile, you can also correct or complete the most important data yourself at any time.

Right to deletion

You can request the deletion of your personal data at any time. In some cases, data deletion is only partially possible because we are required by law to retain such data (e. g. invoices).

Right to limitation of processing

You have the right to request that the processing of your personal data be restricted. In this case, we will block your user account for further processing.

Right to appeal

If you believe that we have not or have not fully complied with your request, you may file a complaint with the appropriate data protection supervisory authority. Please contact the relevant data protection authority in your federal state directly.

Security Measures at Lano

At Lano, we prioritize the security of employee and payroll data, recognizing its sensitivity and the trust our customers place in us. Our SOC 2 Type II certification demonstrates our commitment to maintaining high standards in information security. This certification, developed by the American Institute of CPAs (AICPA), involves a rigorous evaluation of our security, availability, processing integrity, confidentiality, and privacy practices. Achieving SOC 2 Type II status reflects our ongoing dedication to safeguarding customer data through continuous improvement and stringent security measures.

GDPR Compliance

As a European company, Lano is compliant with GDPR regulations, which means that it has taken measures to ensure that personal data is processed securely within the EU as and when applicable. Additionally, Lano offers firewall protection and network segregation to protect against unauthorized access.

Data Storage

In terms of data storage, Lano offers encrypted S3 storage with AES-256 and TLS 1.2 protocols, which means that all data is encrypted during transit and at rest. The data center has role-based access, biometric access, 24x7 security, and security cameras, ensuring that the physical infrastructure is secure.

User authentication

Lano also offers authentication tools such as FMS auth, Okta, Auth0, Google auth, and OAuth2 (own server) to ensure that only authorized personnel have access to payroll data. SSL/HTTPS protocols are used to secure communication channels, and access and modifications to data are logged and audited. To learn more about which SSO providers we work with and how we can ensure added security to your Lano account, get in touch.

Usage of cloud providers

Lano also ensures the security of its application by leveraging the GCP infrastructure as its cloud provider, which makes it highly scalable. The company monitors and forecasts future demand to increase its platform's performance. Lano also employs tooling for patch-level verification and vulnerability checks to manage third-party dependencies, providing regular updates to the platform.

Internal development practices and secure access

The security of Lano's software development lifecycle is a priority. The development teams follow internal quality assurance policies and processes, including manual and/or automated testing of every new functionality delivered or changed. Before deploying any code to the staging environment, it undergoes a careful review by software engineers to maintain the high quality of Lano's solutions.

Ongoing monitoring

We detect anomalies by monitoring data access, data modifications, and the performance of our platform. Any threat is detected early and our team of highly skilled engineers is ready to resolve any problem.

Internal security training

Lano also has strict security procedures and training in place to ensure the confidentiality and privacy of data. This includes escalation and incident handling policies, security awareness programs, confidentiality clauses, security policies, handbooks, and training for employees on data privacy and security. The company also implements vendor security management to ensure that third-party vendors also adhere to strict security standards.

In case of security incidents

Incidents can happen to anyone — and we are ready for such an event when it happens. We manage security incidents via a documented process, which includes notification of and cooperation with customers, data protection authorities, and law enforcement. We will be in touch promptly as and when any such incidents occur, and follow procedures as outlined by the relevant authorities.

To understand more about our security policies at Lano, get in touch via support@lano.io.

Sub-processors

Lano works with third-party companies to help provide our services to you, following our Data Processing Agreement (DPA) and the General Data Protection Regulation (GDPR). Here, you will find a list of the companies we currently work with. This page provides important details about each company, including their name, what they do, the services they provide, and their registered office. Please note that not all of these companies are involved in all of our services; some only support specific ones.