Luca prioritizes security and data protection, implementing industry-leading practices to safeguard your and your clients' information and to maintain the highest standards of trust and compliance.
GDPR Compliance
Luca is designed to comply with the EU General Data Protection Regulation (GDPR) and UK data protection laws. We protect privacy by default and provide transparent data-processing practices.
Data Processing Agreements (DPAs): We enter into DPAs with all customers where we act as a processor, and we maintain DPAs (or equivalent Article 28 terms) with all sub-processors. See our current vendors at withluca.ai/subprocessors.
Data Subject Rights: We support all GDPR rights (access, rectification, erasure, restriction, objection, portability, and rights related to automated decision-making). Where we act as a processor, we promptly assist the customer (controller) in fulfilling requests.
Transparency: We document our processing activities, retention, international transfer safeguards (SCCs with UK Addendum/IDTA), and sub-processor relationships.
Security & Breach Notification: We apply encryption, access controls, logging, and incident response. If we act as a processor, we notify the customer without undue delay after becoming aware of a personal-data breach and assist them with their obligations. Where we act as a controller, we notify the relevant supervisory authority within 72 hours where required and affected individuals when legally mandated.
Data Encryption & Security
We employ enterprise-grade encryption and security measures to protect your data at every stage of processing and storage.
Encryption in Transit: All data is encrypted using TLS 1.3 during transmission between your systems and Luca.
Encryption at Rest: All stored data is encrypted using AES-256 encryption standards.
Secure APIs: All API communications are secured with OAuth 2.0 and JWTs (JSON Web Tokens).
Multi-Factor Authentication: Required for all administrative access and privileged operations.
EU-Based Infrastructure
We prioritise UK/EU hosting and minimise cross-border transfers. Customer documents are stored in UK/EU locations where configured. Some operational processing by vetted sub-processors (e.g., logging/observability, support, email delivery) may occur outside the UK/EU; these transfers are protected by the EU Standard Contractual Clauses with the UK Addendum/IDTA and additional safeguards.
Regional preference: We use UK/EU data centres for core storage and compute where available.
Limited transfers: When processing occurs outside the UK/EU, we apply SCCs/UK Addendum and technical measures (encryption, access controls, minimisation).
Luca runs on Render's enterprise-grade security infrastructure, which provides robust security measures and the following compliance certifications.
ISO 27001 Certified: Render maintains ISO 27001 certification for information security management systems.
SOC 2 Type 2 Compliant: Annual audits verify security, confidentiality, and availability controls.
GDPR-DPA Compliant: Full compliance with EU data protection requirements.
EU-US Data Privacy Framework: Certified under the EU-US DPF including UK extension and Swiss-US DPF.
HIPAA Ready: Platform supports healthcare applications with appropriate compliance measures.
Render's security practices include continuous monitoring, vulnerability management, and a comprehensive vulnerability disclosure program. For more details, visit Render's Security page.
Casa Tier 2 Verification
Luca has achieved Casa Tier 2 verification, demonstrating our commitment to the highest standards of security and trust in the cryptocurrency and blockchain ecosystem.
Security Excellence: Casa Tier 2 represents the highest level of security verification for cryptocurrency custody solutions.
Multi-Signature Security: Advanced cryptographic security measures protecting digital assets.
Industry Recognition: Recognition as a trusted partner in the digital asset security space.
Continuous Auditing: Regular security assessments and penetration testing.
Xero App Partner Security Assessment
As a verified Xero App Partner, Luca has successfully passed Xero's rigorous Security Assessment, ensuring our integration meets the highest security standards for accounting software.