Security

LarpLabs runs on hardened cloud infrastructure with isolated environments for development, staging, and production. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.

Production access is restricted to a small group of engineers, gated by SSO and hardware-backed multi-factor authentication. Access is logged and reviewed quarterly.

We follow OWASP guidance, run automated dependency scanning, and conduct periodic third-party penetration tests. Findings above a defined severity threshold are tracked to remediation in a published SLA.

Subprocessors are reviewed for security and compliance posture before onboarding and re-reviewed annually. Our subprocessor list is available on request.

We maintain a documented incident response plan with on-call rotations. Customers will be notified of confirmed security incidents that affect their data without undue delay.

We welcome responsible disclosure. Please email [email protected] with details. We typically acknowledge reports within one business day.