Security & Privacy


Security is in our DNA

Foundational principles, values, and mindset.

Security focused from day 1

When BeLazy started business in 2019, we already understood that good security starts at design. BeLazy achieved ISO 27001 certification just 3 months after launch — one of the fastest certifications on record. This rapid certification demonstrates that security is built into our DNA, not added as an afterthought. Our security-first approach ensures complete information protection from day one. With BeLazy, world-class security comes standard.

Remote-First Security

Our distributed team operates with security-first principles adapted for remote work environments. Our documented clean desk/clean screen policies extend to home offices, with additional protections for data handling in non-traditional workspaces. Employee and subcontractor pre-screening, logged two-factor authentication access, privileges on a ‘need-to-know’ basis, and compulsory drive encryption are just some of the measures we take to ensure that people are not the point of failure in our security endeavors.

Security and partners

BeLazy often works with third parties to provide flexible, custom solutions for our customers, acting as the single point of contact, but coordinating between various technologies. During preparation for partnering, we perform a security analysis with our prospective partners to be able to warrant the security of the entire solution and highlight any potential security risk to the customer.

AI, Privacy & Compliance

Modern tech use with responsible data governance.

Data residency and sovereignty

BeLazy’s data infrastructure is hosted exclusively in Microsoft Azure data centers in the Netherlands and Ireland, ensuring all customer data remains within the European Union. Our microservices-based architecture runs in Kubernetes-Docker containers on Linux with a secure private network protected by Azure’s firewall.

This approach enables us to implement regional data residency controls while maintaining the performance benefits of our cloud infrastructure. For projects requiring special data sovereignty requirements, we can provide detailed attestation and technical enforcements to meet your compliance needs. For enterprise-scale deployments with specific regulatory demands, we may offer customized on-premise solutions that replicate the cloud architecture, subject to infrastructure assessment and resource planning.

Make your AI trustworthy

AI is here to stay, so the real question is: what are we doing with it? We know the current rush towards large language models promises instant results – in productivity, but also in losing track of how your data is used. Luckily, at BeLazy we take security very seriously: we’re not just riding the AI wave—we’re doing it with a life jacket on. We take a security-conscious stance towards scalable and sustainable AI applications. While we still enable AI inclusion for testing through third-party orchestrators such as n8n and Make.com, BeLazy’s built-in LLM capabilities are limited to those that are rigorously scrutinized for security.

Simplified GDPR compliance

BeLazy’s platform is a workplace-only solution, and while the documents that go through the system may contain personal information, the metadata that we store never does. Every user that interacts with BeLazy needs to declare that they are only using the system for work-related reasons.

Infrastructure & File Handling

Where your data lives and how it’s stored

Industry-standard security solutions 

Where there are world-class security solutions, we apply them instead of reinventing the wheel. For example, BeLazy does not offer its own credential management: we only allow login through authentication by Microsoft and Google, eliminating the potential of a password security breach on our end. As an extra layer of security, we keep access logs for two years, in line with the most demanding legislation worldwide.

Resilient Architecture

The MongoDB database implements triple replication to prevent disruption during component failures. We maintain daily automated backups with a Recovery Point Objective (RPO) of the previous day’s backup and a Recovery Time Objective (RTO) of 1.5 business days. The system integrations and synchronizations we work with automatically restore all projects to their actual status – rather than the RPO status – when the system is recovered. The platform uses rolling updates to ensure minimal service interruption during maintenance.

File storage as needed

While at BeLazy we retain our customers’ project metadata for reporting and project tracking reasons, for most of our customers the really sensitive information lies in files and documents. As we are moving these pieces of data from one system to another, we have to temporarily store these documents. We store all documents securely in Microsoft Azure blobs. We offer granular configuration as to which documents to retain, and which need to be deleted immediately after successful transfer, but not later than 8 calendar days regardless of whether the transfer was successful or not. We don’t analyse the content of these blobs; we only retain these documents with the single objective of giving the user simple, unified access to all the files that are otherwise hard or almost impossible to extract from legacy systems.

Platform-Level Security & Response

How we secure the system and respond to threats.

Access & Identity Management

Every credential we store for logging in to different systems is securely stored in Microsoft Azure Key Vault, with every potential access by our developers logged. By choosing MongoDB Atlas running in Microsoft Azure as our database, we ensure data encryption both in transit and at rest, and provide for efficient database backup and system restore methods.

Best practices to prevent information leaks

At BeLazy we continuously monitor and address the OWASP Top 10 vulnerabilities and build security testing and automated code quality analysis into our release pipelines. We apply the DevSecOps methodology. We use automated vulnerability monitoring to address potential third party vulnerabilities. We regularly update all technologies we work with. Not even a bugfix is ever released without documented code peer review.

Incident response

All security events are tagged in our DevSecOps system for immediate visibility. Our 3-tier severity classification ensures proportional response times, with critical issues addressed within one business day and resolved within two.
