Security at Laritor
Effective Date: July 26, 2025
Last Updated: July 26, 2025
1. Introduction
We understand how important data security is when you trust a platform to monitor and analyze your production systems. At Laritor, protecting your data is one of our highest priorities. This page outlines the technical, organizational, and procedural safeguards we’ve implemented to keep your data safe.
2. Infrastructure Security
- Cloud Hosting: Laritor is hosted on secure infrastructure provided by Digital Ocean and Amazon Web Services (AWS), with data centers located globally.
- Firewall & DDoS Protection: We use Cloudflare as our CDN and edge firewall to protect against distributed denial-of-service (DDoS) attacks and abusive traffic.
- Data Isolation: Each customer’s environment and data are logically isolated in our systems.
- Backups: We perform daily encrypted backups and retain them for a limited period (typically 30–60 days).
3. Data Encryption
- Encryption in Transit: All data transmitted between your systems and Laritor is encrypted using TLS 1.3 with strong ciphers.
- Credential Storage: All secrets, API tokens, and access keys are stored encrypted and never logged or displayed.
4. Access Control
- Role-Based Access: Only authorized employees have access to production systems, based on job responsibilities.
- Multi-Factor Authentication (MFA): MFA is enforced for all internal systems and cloud provider accounts.
- Audit Logging: Access to critical systems is logged and periodically reviewed.
- Environment Separation: Development and production environments are strictly isolated.
5. Application Security
- Secure Development Lifecycle: Our development practices include regular code reviews, static code analysis, and automated testing.
- Dependency Monitoring: We use tools to monitor vulnerabilities in third-party packages and promptly apply patches.
- Rate Limiting: APIs and user interfaces are protected by rate limiting and abuse prevention logic.
- Continuous Vulnerability Monitoring: We use tools to continuously monitor for vulnerabilities in the application.
- Quarterly Penetration Tests: We perform quarterly penetration tests to identify and fix security vulnerabilities.
6. Secure Ingestion (Client-Side Protections)
Laritor provides an open-source data ingestion package that clients install within their applications to monitor performance, logs, and traces. This package includes built-in security controls to protect sensitive information before it is ever transmitted to Laritor.
Key protections include:
- Redaction of sensitive data: The package automatically redacts potentially sensitive data (e.g., passwords, secrets) in payloads before sending them to Laritor.
- Anonymization of PII: Personally identifiable information such as user identifiers, email addresses, or IPs can be anonymized prior to transmission, depending on client configuration.
- Ingestion controls: Developers can configure which routes, endpoints, or scheduled tasks should be excluded from monitoring to avoid capturing sensitive flows (e.g., authentication, billing).
- Granular data controls: The client can restrict whether request/response bodies, query bindings, session data, or custom headers are included in the telemetry payload—giving teams full control over what data is shared.
Documentation for these options is available in our Customization Guide.
7. Incident Response
We have a defined incident response process in place:
- We monitor for suspicious activity 24/7.
- In the event of a breach or data incident, affected users will be notified within 72 hours, as required by GDPR and other laws.
- We document and review all incidents to improve our prevention measures.
8. Compliance Roadmap
While we are not currently certified under SOC 2 or ISO 27001, we follow many of their practices and are actively working toward formal compliance.
We currently:
- Maintain a security risk register
- Limit data retention and log access
- Respond to data deletion and access requests within 30 days
9. Responsible Disclosure
We welcome reports from security researchers. If you believe you’ve found a vulnerability, please email [email protected]. We appreciate responsible, coordinated disclosure.
10. Questions?
If you have questions about Laritor’s security practices, please contact: [email protected]