Single sign-on (SAML / OIDC)
Access through your own identity provider and policies.
Enterprise security
Built in, not bolted on
Lexa fits environments where controls are part of the contract. The essentials ship from day one, and we say plainly what's certified and what's roadmap.
Built in
Controls regulated buyers expect
Part of the platform, not add-ons you negotiate later.
Customer-managed keys
Hold your own encryption keys. Your data stays yours.
Encryption everywhere
AES-256 at rest, TLS 1.3 in transit. No exceptions.
Immutable audit log
An append-only record of every action. Defensible when it counts.
In-region data residency
Your data stays in the region you choose.
Tenant isolation
Each customer's data is separated by design. Never co-mingled.
Roadmap
Where we're headed, stated plainly
We won't claim certifications we don't hold. These are targets we're working toward.
SOC 2 Type II
In progress · Controls being put in place
ISO 27001
In progress · Target set, timeline shared on request
Certifications we're earning, not claiming
SOC 2 Type II and ISO 27001 are in progress, not yet certified. Until they land, we share controls, evidence, and pen-test summaries, and complete your security questionnaire on request.
Talk to us
Talk to us about security
Bring your security review and your hardest questions. We answer with evidence.