Security

Built on the same stack we'd trust with our own data.

Lylu runs on Vercel, Supabase, Clerk, and Stripe — providers chosen specifically for their security posture and certifications. Here's what that means for you.

Encryption everywhere

All traffic to and from Lylu is encrypted with TLS 1.3. Data at rest in our database is encrypted using AES-256.

We never store card numbers

Payments are processed by Stripe — a Level 1 PCI-DSS certified processor. Card details never touch our servers.

Authentication by Clerk

Sign-in is handled by Clerk, a SOC 2 Type II certified identity provider. Passwords are hashed with industry-standard algorithms and never readable by us.

Database isolation

Customer data is isolated per workspace at the database layer using Supabase row-level security. One workspace cannot read another's records.

Least-privilege access

Only a small number of engineers have production access, secured by hardware-key MFA. Every production action is logged.

Backups & uptime

The database is backed up continuously with point-in-time recovery. The application runs on Vercel's edge network for low-latency global access.

Vulnerability handling

Found a security issue? Email security@aiworkspacelab.com and we'll respond within 48 hours. We do not retaliate against good-faith reporters.

Compliance posture

We follow industry best practices for SOC 2 readiness. We don't currently hold a SOC 2 report; if you need one for procurement, contact us and we'll share our gap roadmap.

Security questionnaire?

We answer them. Send yours to security@aiworkspacelab.com and we'll turn it around within 3 business days.