LightYear is built with security as a first principle — not an afterthought. From AES-256 encryption and TLS 1.3 to always-on DDoS protection and SOC 2 Type II certification, every layer of our infrastructure is designed to protect your workloads.
Six layers of protection — from the physical data center to the application layer — working together to keep your data safe.
We welcome security researchers who responsibly disclose vulnerabilities. We commit to acknowledging all reports within 48 hours and coordinating public disclosure after remediation.
Identify a potential vulnerability and document the reproduction steps, affected components, and estimated impact.
Email [email protected] with your findings. Use our PGP key (available on the contact page) for sensitive reports.
We acknowledge all reports within 48 hours and provide an initial severity assessment within 5 business days.
Our security team works to remediate confirmed vulnerabilities. We keep you updated on progress throughout the process.
We coordinate public disclosure with you after a patch is deployed. Researchers may be credited in our security advisories.
Email [email protected] with a description of the issue, reproduction steps, and estimated impact. Use our PGP key for sensitive disclosures. We do not pursue legal action against researchers who follow responsible disclosure guidelines.
Our incident response process is designed to minimise customer impact. We follow a structured four-phase approach with defined SLAs at every stage.
Automated monitoring and alerting detects anomalies within minutes. On-call security engineers triage and classify the incident within 30 minutes of detection.
Affected systems are isolated to prevent lateral spread. Impacted customers are notified via status page and email within 1 hour of confirmed incident.
Root cause is identified and eliminated. Systems are restored from verified clean backups. Full service restoration is the primary objective.
A detailed post-mortem is published within 5 business days. Root cause analysis, timeline, and remediation steps are shared publicly on our status page.
All incidents are published on our public status page with full post-mortem reports.
View System StatusCommon questions about LightYear's security and compliance program.
Deploy your first server in under 60 seconds. SOC 2 Type II certified, GDPR compliant, with always-on DDoS protection and AES-256 encryption included on every plan.
Compliance documentation available to enterprise customers · [email protected]