Trust & Security

Enterprise-grade security, built in

Security isn't an afterthought — it's foundational to everything we build. Here's how we protect your data, your clients' data, and your tenants' data.

Data encryption

  • All data encrypted at rest using AES-256 encryption.
  • Data in transit protected by TLS 1.3 with perfect forward secrecy.
  • Database encryption keys managed via AWS Key Management Service (KMS) with automatic rotation.
  • Encrypted backups stored in geographically separate UK data centres.

Infrastructure security

  • Platform hosted on AWS (London region, eu-west-2) and Vercel's enterprise infrastructure.
  • Supabase database hosted in the EU (Ireland) with SOC 2 Type II certification.
  • DDoS protection via AWS Shield and Vercel's edge network.
  • Web Application Firewall (WAF) blocking OWASP Top 10 attack vectors.
  • Continuous vulnerability scanning and automated patch management.

Access control

  • Multi-factor authentication (MFA) available for all user accounts.
  • Role-based access control (RBAC) with granular permissions — admin, agent, landlord, tenant, contractor.
  • Row-Level Security (RLS) in Supabase ensures users only see their own data.
  • Session timeout after 30 minutes of inactivity (configurable per agency).
  • Single Sign-On (SSO) via SAML 2.0 available on Enterprise plans.

Application security

  • Secure development lifecycle: code review, static analysis (SAST), dependency scanning.
  • Annual penetration testing by an independent CREST-certified security firm.
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) protections built into the framework.
  • Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and other security headers enforced.
  • Bug bounty programme — responsible disclosure at security@lethub.co.uk.

Compliance & certifications

  • UK GDPR compliant — see our GDPR page for full details.
  • Registered with the Information Commissioner's Office (ICO): ZA123456.
  • PCI DSS compliance via Stripe — we never handle raw card data.
  • Cyber Essentials Plus certification (in progress, expected Q3 2025).
  • ISO 27001 certification programme initiated.

Business continuity

  • Real-time database replication with point-in-time recovery (PITR).
  • Recovery Time Objective (RTO): 1 hour. Recovery Point Objective (RPO): 5 minutes.
  • Disaster recovery plan tested annually with documented runbooks.
  • Status page at status.lethub.co.uk with real-time incident updates.
  • 24/7 on-call engineering team for critical incidents.

Report a security issue

If you believe you've found a security vulnerability in LetHub, please email us immediately. We take all reports seriously and aim to respond within 24 hours.