Lette Trust Center

Live monitoring by Noru

Security & Compliance

Last updated Apr 16, 2026

Security and Trust at Lette

Enterprise-grade security. Built for modern rental operations.

At Lette, protecting your data is foundational to how we build and operate our platform. We work with institutional owners, operators, and financial partners who trust us with sensitive operational, financial, and resident information, and we take that responsibility seriously. Security, privacy, and compliance are embedded into our product design, infrastructure, and internal processes from day one.

Our platform is built using industry best practices across cloud security, access controls, data encryption, and continuous monitoring. Lette operates as a data processor, never using customer data to train AI models, and hosts all production systems in secure EU-based infrastructure. This Trust Center provides transparency into our security posture, compliance commitments, and how to responsibly report vulnerabilities.

Report a vulnerability Privacy Policy

Overview

EU AI Act

Compliant

GDPR

Compliant

ISO 27001

Certified

275

Controls

55

Resources

Compliance

Industry standards and regulatory compliance status

EU AI Act

EU Artificial Intelligence (AI)I Act (Regulation (EU) 2024/1689)

Compliant

GDPR

General Data Protection Regulation (GDPR)

Compliant

ISO 27001

ISO/IEC 27001:2022

Certified

SOC 2

AICPA Trust Service Principles Service Organization Controls (SOC)

In Progress

Controls

Implemented across all categories

Asset Management

7 controls

Inventory Management

Inventory Management: Applications

Inventory Labels

Business Continuity

5 controls

Business Continuity Plan

Continuity Testing

Business Impact Analysis

Backup Management

2 controls

Backup Configuration

Resilience Testing

Configuration Management

6 controls

Baseline Configuration Standard

Configuration Checks

Time Clock Synchronization

Change Management

4 controls

Change Management Workflow

Change Approval

Segregation of Duties

Cryptography

6 controls

Encryption of Data in Transit

Encryption of Data at Rest

Approved Cryptographic Technology

Data Management

15 controls

Data Classification Criteria

Data Inventory

Test Data Sanitization

Entity Management

11 controls

Board of Directors Structure and Purpose

Audit Committee

Organizational Structure

Identity and Access Management

14 controls

Logical Access Provisioning

Logical Access De-provisioning

Logical Access Review

Incident Response

9 controls

Incident Response Plan

Incident Response

External Communication of Incidents

Mobile Device Management

3 controls

Mobile Device Enrollment

Mobile Device Encryption

Configuration Management: Mobile Devices

Network Operations

4 controls

Network Policy Enforcement Points

Inbound and Outbound Network Traffic: DMZ Requirements

Network Segmentation

Security Governance

85 controls

Proprietary Rights Agreement

Information Security Program Content

Procedures

People Resources

8 controls

Background Checks

Performance Management

Organization Property Collection

Privacy

30 controls

Privacy Program Review

Notice of Personal Information Disclosure

PII Processing Agreements

Proactive Security

2 controls

Threat Hunting

Adversary Intelligence

Risk Management

14 controls

Service Risk Rating Assignment

Risk Assessment

Continuous Monitoring

System Design Documentation

4 controls

System Documentation

Whitepapers

Achieving Resilience Requirements

Service Lifecycle

10 controls

Service Lifecycle Workflow

Source Code Management

Allocation of Resources

Systems Monitoring

7 controls

Audit Logging

Security Monitoring Alert Criteria

System Security Monitoring

Site Operations

10 controls

Secured Facility

Physical Protection and Positioning of Cabling

Provisioning Physical Access

Training and Awareness

8 controls

General Security Awareness Training

Code of Conduct Training

Developer Security Training

Third-Party Management

5 controls

Third-Party Assurance Review

Vendor Risk Management

Vendor Non-disclosure Agreements

Vulnerability Management

6 controls

Vulnerability Scans

Application Penetration Testing

Infrastructure Patch Management

Resources

Important documents and policy information

System Description

Version 2026.1 • Last reviewed Apr 13, 2026

Control Environment & Governance

Version 2026.1 • Last reviewed Apr 13, 2026

Design and Development Plan (DDP) Policy

Version 2026.2 • Last reviewed Feb 24, 2026

Subprocessors

Third-party service providers and their compliance status

Wonder

Software as a Service

OAuth app authorized by users

rsg-identity-bridge-prod

Software as a Service

OAuth app authorized by users

Pocket

Software as a Service

OAuth app authorized by users

Standard Capital

Software as a Service

OAuth app authorized by users