Benchmarks: Answer 99.16% of DocVQA Without Images in QA: Agentic Document ExtractionRead more

Security and Data Privacy at LandingAI

At LandingAI, the security of your data is our top priority. We are committed to maintaining a strong security program that protects your information and earns your trust. This page outlines our security posture, compliance with industry standards, and the measures we take to safeguard your data across our products and infrastructure.

Compliance Frameworks

LandingAI is committed to adhering to globally recognized security and privacy standards. We undergo regular independent audits to validate our security controls and demonstrate our compliance.

SOC 2 Type II

SOC 2 Type II

We are SOC 2 Type II compliant. This means our systems and processes have been independently audited and verified to meet the trust services criteria for security, availability, and confidentiality established by the American Institute of Certified Public Accountants (AICPA). This audit provides independent assurance of our dedication to protecting your data.

GDPR

GDPR

LandingAI is compliant with the General Data Protection Regulation (GDPR). We are committed to the principles of data protection and privacy, and we adhere to the GDPR’s requirements to ensure the rights of our users in the European Union are protected.

HIPAA

HIPAA

LandingAI is HIPAA compliant, ensuring that we have the necessary administrative, physical, and technical safeguards in place to protect sensitive Protected Health Information (PHI) for our customers in the healthcare industry. To process PHI, our customers must subscribe to LandingAI’s HIPAA compliant services and have a Business Associate Agreement (BAA) in place.

EU-US Privacy Framework (Coming soon)

EU-US Privacy Framework (Coming soon)

To support our customers in the European Union and beyond, LandingAI is working to certify its compliance with the EU-U.S. Data Privacy Framework (DPF). Recognized by the European Union, this framework establishes high standards for the transfer of personal data to the United States and demonstrates our commitment to protecting your information with robust, enforceable privacy safeguards.

Product Security.

Security is a fundamental part of our product development lifecycle, governing how we build and operate LandingLens and our Agentic Vision Services, including Agentic Documentation Extraction (ADE). We architect our products with a security-first mindset to protect your data and ensure platform integrity. Below are some of the key security-related attributes built into our platform.

Secure Development Lifecycle

Secure Development Lifecycle

We incorporate security at every stage of development, from design and coding to testing and deployment, to build secure products from the ground up.

Single Sign-On (SSO)

Single Sign-On (SSO)

We provide robust SSO integration, allowing you to enforce corporate authentication policies and streamline user management via your identity provider (e.g., Okta, Azure AD). This feature is fully available for LandingLens and will be extended to Agentic Documentation Extraction (ADE) in Q3 2025.

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC):

Assign granular permissions to users and groups to ensure they only have access to the data and features necessary for their roles. Within products like LandingLens, you can leverage RBAC to tailor access rights precisely to your organizational structure and security requirements.

Audit Logs

Audit Logs

We maintain a comprehensive and immutable record of critical user and system activity across our platform. Our security team actively monitors these logs to detect suspicious behavior, investigate potential threats, and ensure operational integrity. This proactive monitoring is a core part of how we safeguard your environment.

Data Security.

We employ robust technical and procedural measures to protect your data at all times. Our policies are designed to provide clarity and control over how your information is handled.

Data Encryption

Data Encryption:

  • In Transit: All data is encrypted using TLS 1.2 or higher
  • At Rest: We utilize the industry-standard AES-256 encryption algorithm.
Data Backup and Recovery

Data Backup and Recovery:

By default, we perform regular, automated backups of your data and have established, tested procedures to ensure a timely recovery in the event of a disaster or data loss event.

Data Segregation

Data Segregation:

Your data is always kept logically separate from other customers’ data in our multi-tenant architecture, ensuring strict data isolation and privacy.

Zero Data Retention for Maximum Privacy

For customers with the highest data privacy requirements, we offer a Zero Data Retention option for our Agentic Documentation Extraction (ADE) product. When this option is enabled, your data is processed in-memory and is never stored on our systems or by our sub-processors. This ensures that your sensitive documents are used exclusively for the extraction process and are immediately discarded, providing the highest level of data privacy. In addition, with this option, customers may request a Business Associate Agreement to support processing of Personal Health Information (PHI).

Learn more about the implementation and advantages of the Zero Data Retention option.

Data Storage

Your data is stored using robust security measures on trusted, industry-leading cloud infrastructure. This section outlines our specific data storage practices for each product, giving you a clear understanding of where your information is located, how it is protected, and the controls you have over it.

Agentic Document Extraction

(SaaS)

This service is offered in multiple regions to meet data residency requirements.

  • Location: Your data is stored in the geographic region you select for the service. We currently offer:
    • AWS US East (Ohio)
    • AWS EU (Ireland)
  • Data Retention: Data retention policy varies depending on the service and user type.
    • For customers that elect LandingAI’s Zero Data Retention option, customer data is ephemeral and retained only as long as needed to carry out the processes directed by the Customer.
    • For all other customers, data retention periods are governed by the terms of your agreement.
  • Data Usage:
    • Customers with the ZDR Option: Your data is never used for training or improving our models.
    • Customers without the ZDR Option: Your data may be used to provide and improve the services and products that LandingAI provides. For more details on this process and your options, please see our Terms of service.

LandingLens SaaS

(Pay-As-You-Go, Subscription & Enterprise)

This applies to all standard SaaS versions of LandingLens, accessed directly or via the Snowflake Marketplace.

  • Location: Your data is stored on Amazon Web Services (AWS) in the US East (Ohio) region. All data is encrypted both at rest and in transit.
  • Access Permissions: Access to the AWS S3 storage is strictly limited through RBACs to service accounts and support employees. This ensures that only authorized and authenticated processes can interact with the stored data, minimizing the risk of unauthorized access.
  • Data Retention: Data retention policy varies depending on the service and user type.
    • For enterprise customers, your Enterprise Terms of Service will apply.
    • For PAYG and Subscription customers, data retention periods are governed by the agreement applicable to your account. For most customers, this is governed by our standard Terms of Service.
  • Data Usage:
    • For enterprise customers, your data is only used as necessary to provide the services as directed. LandingAI will not provide access to or share any of your data or models with any other customers.
    • For PAYG and Subscription customers, your data is used as necessary to provide the services as directed and may be used to improve the services and products that LandingAI provides. Nonetheless, LandingAI still will never provide access to or share any of your data or models with any other customers. Our policy on the use of customer data for service improvement is detailed in our standard Terms of Service.

LandingLens

(Snowflake Native App)

This version of the application runs entirely within your own Snowflake environment.

  • Location: All of your data is stored and processed directly within your own Snowflake account. You choose the geographic region of your Snowflake deployment.
  • Access Permissions: You control all access permissions using Snowflake’s native authentication and Role-Based Access Control (RBAC). LandingAI personnel do not have access to your data.
  • Data Retention: You control the entire data lifecycle, including all backup, retention, and deletion schedules, according to your own policies.
  • Data Usage: LandingAI does not have access to your data and therefore does not use it for any purpose, including model training.

Application & Network Security.

LandingAI is designed as a secure, cloud-native platform. Our network infrastructure is hosted on Amazon Web Services (AWS), leveraging serverless technology within an isolated AWS Virtual Private Cloud (VPC).

This modern foundation is governed by zero-trust principles, meaning we do not automatically trust any entity inside or outside our network. By enforcing strict verification for every access request, including multi-factor authentication (MFA) and the principle of least-privileged access, we create a robust security framework that protects our systems and your data in a perimeter-less world.

For our cloud deployments, we have distinct security frameworks depending on where the product runs.

Our Security Approach on AWS

For our SaaS products, including LandingLens, we operate within a security partnership with Amazon Web Services. In this model, responsibility is clearly defined to ensure comprehensive protection.

  • AWS Responsibility: AWS manages the security of the cloud, including the physical security of data centers, hardware, and the underlying core infrastructure.
  • LandingAI Responsibility: We are responsible for security in the cloud. This includes securing our application, managing data encryption, configuring network controls, and managing user access to our platform.

Shared Responsibility for the Snowflake Native App

For the LandingAI Snowflake Native App (SFNA), we follow Snowflake’s official Shared Responsibility Model. Because the application runs directly within the customer’s Snowflake account, the customer retains significant control and responsibility over security.

  • Snowflake’s Responsibility: Snowflake is responsible for the security and integrity of its platform.
  • Customer’s Responsibility: As the account owner, the customer is responsible for managing their data and securing their cloud environment. This includes using Snowflake’s built-in features to configure network policies, manage user authentication, and define access permissions for the Native App.
  • For more information, please see the Official Snowflake Native App Security Documentation.

Key security measures include:

Security Events Monitoring and Alerting

We leverage AWS threat intelligence and monitoring tools to detect anomalies.

Regular Penetration Testing

We engage independent, third-party security experts to conduct regular penetration tests of our applications and infrastructure.

Vulnerability Scanning

We continuously scan our systems and code for vulnerabilities to identify potential issues before they can be exploited.

DDoS Mitigation

We have implemented advanced measures to protect against Distributed Denial of Service (DDoS) attacks and ensure high service availability.

Operational & Organizational Security.

Security is a shared responsibility at LandingAI, and we have implemented strong internal security practices.

Employee Security Training

Employee Security Training

All employees receive comprehensive security awareness training upon hiring and on an ongoing basis to ensure they understand their role in protecting customer data.

Background Checks

Background Checks

We conduct thorough background checks on all new employees as a condition of employment, in accordance with local laws and regulations.

Patch Management

Patch Management

We handle all application-level patches and updates as an integral part of our weekly bug triage and release process, ensuring that security fixes are deployed promptly and efficiently.

Incident Response Plan

Incident Response Plan

We have a well-defined and regularly tested incident response plan to ensure a swift, effective, and coordinated response to any potential security incident.

Vendor Security Management

Vendor Security Management

We conduct security assessments of all our vendors and subprocessors to ensure they meet our security and data protection standards.

Subprocessors

LandingAI partners with a select number of third-party vendors to provide our services. We have carefully verified the security practices of each of our subprocessors.

Go To Subprocessor Page

Trust Center

For a more detailed look at our security and compliance posture, and to request access to our security documentation, including our SOC 2 report, please visit our Trust Center.

Go to Trust Center