Security overview
Last updated 24 May, 2023
Sales and customer data are critical to your business, and we take the security of customer data extremely seriously. We host LombardGPT on comprehensively hardened infrastructure-as-a-service (IaaS) on Amazon Web Services.
- LombardGPT will allow authentication using Single Sign On (SSO) via SAML and OIDC. Lombard does not store any passwords for accounts using SSO. For basic authentication, passwords are securely hashed and salted using industry standards.
- Our web servers encrypt data in transit using the industry standard for HTTPS security (TLS 1.2), so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates use 2048-bit RSA keys and are signed with SHA-256.
- All persistent data is encrypted at rest using the industry-standard AES-256 algorithm.
- All employee contracts include a confidentiality agreement.
- All changes to source code are subject to automated testing, and any that affect security require pre-commit code review by a qualified engineering peer, covering security, performance and potential-for-abuse analysis.
- All code is deployed to a staging environment for quality assurance, and automated tests must pass before production services are updated.
- Client code uses multiple techniques to ensure that using the LombardGPT dashboard is safe and that requests are authentic, including XSS and CSRF protection, signed and encrypted user authentication cookies, and session expiration.
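To illustrate two of the controls named above, signed authentication cookies and session expiration, here is an added example of an HMAC-signed session cookie with an absolute expiry. It is not LombardGPT's code and says nothing about how LombardGPT actually implements these controls; the secret key, the claim names and the one-hour lifetime are constructed for the example, and cookie encryption is left out so the block runs with the standard library alone.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed secret for illustration only; a real service loads this from a secrets store,
# never from source code.
SECRET_KEY = b"example-server-side-secret-do-not-reuse"
SESSION_TTL_SECONDS = 3600  # assumed one-hour session lifetime


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, so the value is cookie-safe."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    """Inverse of _b64; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the serialized claims; the server key never leaves the server."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_cookie(user_id: str, now: Optional[float] = None, key: bytes = SECRET_KEY) -> str:
    """Build 'payload.signature' carrying the user id and an absolute expiry time."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + SESSION_TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return f"{_b64(payload)}.{_b64(_sign(payload, key))}"


def verify_cookie(cookie: str, now: Optional[float] = None, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the user id if the signature is valid and the session has not expired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = cookie.split(".", 1)
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None  # malformed cookie: wrong shape or not base64
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(sig, _sign(payload, key)):
        return None  # tampered payload or forged signature
    claims = json.loads(payload)
    if claims.get("exp", 0) <= int(now):
        return None  # expired: the client must authenticate again
    return claims.get("sub")


if __name__ == "__main__":
    issued_at = 1_000_000  # fixed clock so the demo is reproducible
    cookie = issue_cookie("alice", now=issued_at)
    print("fresh cookie   ->", verify_cookie(cookie, now=issued_at + 10))
    print("after expiry   ->", verify_cookie(cookie, now=issued_at + SESSION_TTL_SECONDS))
    other = issue_cookie("bob", now=issued_at)
    spliced = other.split(".")[0] + "." + cookie.split(".")[1]
    print("spliced payload->", verify_cookie(spliced, now=issued_at + 10))
```

The expiry lives inside the signed payload, so a client cannot extend its own session by editing the cookie; the server rejects the cookie as soon as either the signature or the expiry check fails, and both failures look identical to the caller.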
If you have a concern, question or comment about security, please send an email to hello@lomb.st.