We realize that notes and documents pertaining to your organization's meetings will contain sensitive information and that this information must be kept safe, secure and private. To that end we are committed to maintaining the highest industry standards for security and privacy.
We Maintain and Regularly Review Our InfoSec Policy
Our Information Security Policy is reviewed quarterly to ensure that our information management policies and procedures are correct and properly enforced. Our InfoSec policy covers:
- Safeguarding customer information
- Acceptable use policy
- Disciplinary actions
- Protection of stored data
- Information classification
- Physical security
- Disposal of stored data
- Security awareness and procedures
- Network security
- System and password policy
- Vulnerability management policy
- Audit and log review
- Secure application development
- Incident response policy
- Role and responsibilities
- User access management
- Access control policy
- Data retention policy
- Employee and contractor on-boarding and off-boarding
We Keep Your Data Private
Lucid Meetings uses authenticated logins to maintain application security and SSL for security during transmission, ensuring complete data privacy. All database information and stored files are encrypted at-rest.
Your Account Data is Secure
All credit card billing is processed using secure, PCI-compliant networks. This includes transmission, processing, and storing of your credit card information.
Physical Security
We use a Tier 1 hosting provider, Amazon AWS, with many years of experience designing, constructing and operating large-scale data centers. The data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
Security Practices
We maintain and regularly review our documented Security, Availability, and Recoverability practices covering:
- Core security principles
- Proper leverage of Amazon AWS security infrastructure
- Intrusion detection (IDS, HIDS, WAF)
- Log management and incident reporting
- Software assurance
- Service availability and recovery
- Penetration testing by external GIAC certified security personnel
Backups and Recovery
We conduct automated nightly backups of all databases, which are replicated across multiple physical locations. We regularly test restoring from backup to ensure viability.
Certifications and Accreditation
Our data center, Amazon AWS, has achieved ISO 27001 certification and successfully completed multiple SAS70 Type II audits. They are also PCI DSS Level 1 compliant, ensuring that storing, processing and transmitting your credit card data complies with the stringent security requirements of the credit card industry.
Security FAQs
Q. Can I review your information security policies, security approach, and penetration testing reports?
A. We do not publish our detailed security information to the general public, but do engage in detailed reviews with our enterprise customers under NDA.
Q. What happens to my meeting information if cancel my account?
A. Canceling your account permanently deletes all meeting records associated with that account. You can also delete your personal profile.
Q. How do I control who has access to my meeting information?
A. Team members in your meeting room have access to the meeting records there. To remove their access, remove the people from the room by clicking the People tab in the meeting room, selecting the individuals, and clicking the Remove Selected People button.
Inviting someone to your meeting as a guest limits their access to that meeting only.
