Lette logo

Lette

Last updated Apr 16, 2026

Security and Trust at Lette

Enterprise-grade security. Built for modern rental operations.

At Lette, protecting your data is foundational to how we build and operate our platform. We work with institutional owners, operators, and financial partners who trust us with sensitive operational, financial, and resident information, and we take that responsibility seriously. Security, privacy, and compliance are embedded into our product design, infrastructure, and internal processes from day one.

Our platform is built using industry best practices across cloud security, access controls, data encryption, and continuous monitoring. Lette operates as a data processor, never using customer data to train AI models, and hosts all production systems in secure EU-based infrastructure. This Trust Center provides transparency into our security posture, compliance commitments, and how to responsibly report vulnerabilities.

Report a vulnerabilityPrivacy Policy
EU AI Act
GDPR
ISO 27001
SOC 2
275
controls
55
resources
143
subprocessors

Compliance

4

Independently audited and continuously evidenced against the standards our customers rely on.

EU AI Act
Compliant

EU AI Act

EU Artificial Intelligence (AI)I Act (Regulation (EU) 2024/1689)

Valid through
Apr 16, 2027
GDPR
Compliant

GDPR

General Data Protection Regulation (GDPR)

Valid through
Apr 16, 2027
ISO 27001
Certified

ISO 27001

ISO/IEC 27001:2022

Valid through
Apr 16, 2027
SOC 2
In progress

SOC 2

AICPA Trust Service Principles Service Organization Controls (SOC)

Valid through
Apr 16, 2027

Controls

275

The safeguards we operate across our organization, technology, people, and facilities.

Inventory Management

Asset Management

Organization maintains an inventory of information systems, which is reconciled on a periodic basis.

Reviewed Apr 10, 2026SOC 2

Inventory Management: Applications

Asset Management

Organization maintains an inventory of application assets, which is reconciled on a periodic basis.

Reviewed Feb 23, 2026SOC 2

Inventory Labels

Asset Management

Organization assets are labeled and have designated owners.

Reviewed Feb 23, 2026ISO 27001SOC 2

Media Marking

Asset Management

Where applicable, Organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. Exemptions must be approved by management and remain in a specific controlled area.

Reviewed Mar 21, 2026ISO 27001

Asset Transportation Authorization

Asset Management

Organization authorizes and records the entry and exit of systems at datacenter locations.

Reviewed Mar 21, 2026ISO 27001SOC 2

Maintenance of Assets

Asset Management

Equipment maintenance is documented and approved according to management requirements.

Reviewed Mar 21, 2026ISO 27001SOC 2

Business Continuity Plan

Business Continuity

Organization's business contingency plan is periodically reviewed, approved by management and communicated to relevant team members.

Reviewed Feb 10, 2026SOC 2EU AI Act

Continuity Testing

Business Continuity

Organization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results

Reviewed Mar 21, 2026ISO 27001SOC 2

Resources

55

Policies, documentation, and reports that govern how we protect customer data.

System Description

Version 2026.1 · Reviewed Apr 13, 2026 · yearly

Control Environment & Governance

Version 2026.1 · Reviewed Apr 13, 2026 · yearly

Design and Development Plan (DDP) Policy

Version 2026.2 · Reviewed Feb 24, 2026 · Annual

System Security & Privacy Plan (SSPP)

Version 2026.2 · Reviewed Feb 24, 2026 · Annual

Information Assurance Program (IAP) Policy

Version 2026.2 · Reviewed Feb 24, 2026 · Annual

Data & Asset Classification Policy

Version 2026.2 · Reviewed Feb 24, 2026 · annual

Log and Event Log Review & Analysis Policy

Version 2026.2 · Reviewed Mar 25, 2026 · Monthly

Automated Event Escalation & Reporting Policy

Version 2026.2 · Reviewed Feb 24, 2026 · Annual

Subprocessors

143

Third-party providers that process customer data on our behalf, and where they operate.

Wonder

Software as a Service

OAuth app authorized by users

Website

rsg-identity-bridge-prod

Software as a Service

OAuth app authorized by users

Website

Pocket

Software as a Service

OAuth app authorized by users

Website

Standard Capital

Software as a Service

OAuth app authorized by users

Website

Google AI Studio

Software as a Service

OAuth app authorized by users

Website

Cal.com

Software as a Service

OAuth app authorized by users

Website
Reddit

Reddit

Software as a Service

OAuth app authorized by users

Website

Project Default Service Account

Software as a Service

OAuth app authorized by users

Website

Questions about our security?

We're glad to help your security and procurement teams move quickly.

Contact usReport a vulnerabilityPrivacy Policy
Lette | Trust Portal | Noru