Security

Read about the measures Lexchart takes to protect your data and security the application.

This document outlines the security principles and practices used in Lexchart.

Security requirements

Security is at the core of Lexchart's architecture, development, and deployment.

Leverage security frameworks and libraries

We select frameworks and libraries as part of system design, which conform to our stringent security requirements. Among other factors, we select frameworks and libraries which are from trusted sources. The frameworks and libraries are actively maintained by teams of developers. The building blocks are used by large, global companies powering some of the largest websites on the internet.

Secure database access

Database queries are secured. As a general matter, we take a "zero trust" approach to security. This means that requests for data from our servers must satisfy security requirements.

Lexchart authenticates users over a secure channel before responding to requests for data in the application. All communication with the server -- requests from the client and responses from the server -- happens over secure HTTPS, the communication protocol encrypted with Transport Layer Security (TLS).

Encode and escape data

We employ a variety of techniques to sanitize data submitted to our servers as part of our zero trust philosophy. All submissions are encoded. When special characters are necessary for legitimate purposes, we escape those characters.

Validate all input

To implement our zero trust approach to security, we validate the syntax and semantics of all requests for data from our servers. All input validation is done server-side for security. We perform client side validation prior to submission.

Implement digital identity

User access is authenticated with strong password practices. Users must create a strong password at the time of account creation. Insecure passwords are rejected. Our password strength requirements are based on a combination of algorithms, empirical data, and known security risks. We implement a secure password recovery mechanism.

Session management

When users initiate a session (they log in), our server generates a secure session id. Browser cookies used for session management are limited in time and scope.

Enforce access controls

In addition to the user authentication described above, users are authorized to access certain data and features through access controls in the application. As part of our zero trust approach, all requests for data and feature access are denied by default. Authenticated users with the correct authorization (access privileges) are allowed to request data and features.

User authorization to features and data is governed by their attributes. The application uses an attribute based access control approach to control access based on attributes of the user, the requested data, and the environment.

Protect data

All data is encrypted in transit through end-to-end secure communication using TLS. All data is encrypted at rest in our application.

We use PCI compliant vendors to process all credit card transactions. We store no credit card data. We require minimal user information sufficient for creating an account.

Security logging and monitoring

Our system architecture uses consistent logging across application features and security specific requirements. We monitor usage of the application for behavior which is inconsistent with the expected usage, timing, or data.

Error handling and exceptions

We include extensive error handling within the application to provide a consistent, reliable user experience. Exceptions are logged and appropriate staff are notified of events.

Contact us with any questions.