Security controls that match identity operations.
Lamba is designed to keep tenant data scoped, encrypted, and auditable — with clear incident communication and procurement-friendly references.
Core controls
Security posture is anchored in tenant boundaries, encryption, access control, and operational visibility.
Tenant isolation
Data is scoped to tenants and projects.
Encryption
TLS in transit; encryption at rest.
Access control
Role-scoped access, least privilege.
Audit trails
Exportable logs and trace IDs.
Incident response
Clear severity and status updates.
Responsible disclosure
If you believe you've found a security issue, email security@uselamba.com with steps to reproduce. We ask you to give us reasonable time to investigate and remediate before public disclosure.
Scope
- In scope: uselamba.com properties, public APIs, SDKs provided by Lamba.
- Out of scope: social engineering, physical attacks, denial-of-service, third-party services not controlled by Lamba.
Safe harbor
We will not pursue legal action against researchers who follow this policy and act in good faith.
Best-effort response targets: acknowledgement within 1 business day and ongoing status updates based on severity.
Status and incident communication
Track live status, incident lifecycle updates, and postmortem expectations from one public surface.
Status page
Current service state, subscription options, and incident history are published at /status.
External monitoring
Public mirror: sandbox.status.uselamba.com for independent status visibility.
Reference links
Use these links for procurement and security review workflows.