Lette Logo

Lette Trust Center

Live monitoring by Noru
Last updated Feb 10, 2026

Security and Trust at Lette

Enterprise-grade security. Built for modern rental operations.

At Lette, protecting your data is foundational to how we build and operate our platform. We work with institutional owners, operators, and financial partners who trust us with sensitive operational, financial, and resident information, and we take that responsibility seriously. Security, privacy, and compliance are embedded into our product design, infrastructure, and internal processes from day one.

Our platform is built using industry best practices across cloud security, access controls, data encryption, and continuous monitoring. Lette operates as a data processor, never using customer data to train AI models, and hosts all production systems in secure EU-based infrastructure. This Trust Center provides transparency into our security posture, compliance commitments, and how to responsibly report vulnerabilities.

Report a vulnerabilityPrivacy Policy

Overview

EU AI ActEU AI Act
CertifiedCertified
GDPRGDPR
CertifiedCertified
149
Controls
28
Resources

Compliance

Industry standards and regulatory compliance status

EU AI Act

EU AI Act

EU Artificial Intelligence (AI)I Act (Regulation (EU) 2024/1689)

Certified
GDPR

GDPR

General Data Protection Regulation (GDPR)

Certified

Controls

Implemented across all categories

Business Continuity

2 controls
Business Continuity Plan
Business Continuity Management System (BCMS)

Incident Response

5 controls
Incident Response Plan
Data Breach
Situational Awareness For Incidents

Security Governance

80 controls
Information Security Program Content
Policy and Standard Review
Information Security Management System Scope

Risk Management

8 controls
Service Risk Rating Assignment
Risk Assessment
Risk Management Program

Asset Management

1 controls
High-Risk Asset Categorization

Configuration Management

2 controls
System Hardening Through Baseline Configurations
Configure Systems, Components or Services for High-Risk Areas

Systems Monitoring

2 controls
System Generated Alerts
Event Log Retention

Cryptography

1 controls
Use of Cryptographic Controls

Data Management

9 controls
Data Protection
Data & Asset Classification
Media & Data Retention

People Resources

2 controls
Position Categorization
Defined Roles & Responsibilities

Identity and Access Management

1 controls
Role-Based Access Control (RBAC)

Privacy

25 controls
Data Privacy Program
Data Protection Officer (DPO)
Binding Corporate Rules (BCR)

Service Lifecycle

8 controls
Allocation of Resources
Cybersecurity & Data Privacy Requirements Definition
Technology Development & Acquisition

System Design Documentation

2 controls
Achieving Resilience Requirements
Standardized Terminology

Training and Awareness

1 controls
Role-Based Cybersecurity & Data Privacy Training

Resources

Important documents and policy information

Legal, Regulatory & Contractual Compliance Register

Version 2026.2 • Last reviewed Feb 10, 2026

Organizational Roles & Responsibilities

Version 2026.2 • Last reviewed Feb 10, 2026

Nonconformity & Corrective Action Procedure

Version 2026.2 • Last reviewed Feb 10, 2026

Subprocessors

Third-party service providers and their compliance status

Amazon Web Services

Other

Cloud infrastructure platform used for hosting applications and storing data, including customer PII.

Google Workspace

Other

Cloud productivity and identity platform providing email, document collaboration, storage, and authentication used for sign-in to tools and systems.

Slack

Other

Business messaging and collaboration platform used for internal communication and integrations with other tools.

Notion

Other

Collaborative workspace platform for documentation, knowledge management, and light project management.