At Lucid, our commitment to security isn't just a promise; it's ingrained in every line of code, every feature, and every decision we make. From the beginning, we’ve taken a proactive approach to creating a safe and trustworthy environment for visual collaboration. 

With Lucid, you get all the benefits of visual collaboration—including connecting hybrid teams, sharing ideas and information, and clarifying complex concepts—without sacrificing the peace of mind that comes from knowing your data is secure.

While no platform can promise impenetrable security, Lucid’s dedication to proactively identifying, reducing, and correcting risks means that we do everything in our power to safeguard our platform and your data. In this article, we’re filling you in on our security features, ways we follow industry best practices, and our impressive security certifications.

Security: Protecting your data and securing the platform

When it comes to security, our north star is the principle of least privilege. The principle of least privilege means that users’ access rights are limited to only what they strictly require to do their jobs—nothing more, nothing less.

These are a few of the ways we abide by this principle and take measures to ensure the security of your account and documents:

Access limitations

Our customers have unprecedented control over their accounts. Only those directly involved with your account have access to any of your information, and even then, our internal teams can’t see any of your documents without you providing us with a PIN. These measures add additional layers of security to your account and ensure that you have complete control.

We have a simple role-based permissions system that allows administrators to manage access to documents owned by the account. That means that admins on your team can restrict access to any and all documents created within your Lucid account.

Information security governance

Securing customer data is a primary objective of the highest levels of management at Lucid. That’s why we have an entire team dedicated to securing Lucid’s systems, processes, and controls. Our security team is the backbone of so much of what we do to build an environment cemented in industry best practices. 

On a daily basis, our team develops and implements Lucid’s overall security program, which includes training sessions, internal audits, and compliance evaluations. They also assist our operations teams in maintaining event reporting-related systems, identity management, configuration management, and ensuring our organization as a whole is properly geared to accommodate the security requirements of our customers. 

Secure infrastructure

Our applications are powered by Amazon Web Services (AWS). AWS is the leading provider of secure computing infrastructure, which is why it’s a perfect fit for our high standards. We opted for AWS because it meets stringent security requirements, including heightened control over our infrastructure. 

AWS has achieved several certifications attesting to its stellar reputation, including: 

• SOC 2 Type ll audits
• ISO 27001 certification
• U.S. General Services Administration FISMA Moderate level operation authorization
• Level 1 service provider under the Payment Card Industry (PCI) Data Security Standards (DSS)

Data encryption

We understand the sensitivity of private business documents, ideas, communication, and personally identifiable information all too well, which is why data encryption is a top priority for Lucid. To protect the privacy of customer information, all data is transferred between user devices and Lucid servers using up to 256-bit encryption via TLS 1.2 and a world-class certificate provider. We also encrypt data at rest to protect the secrecy of all data persisted by the applications.

Lucid’s enterprise features also include Key Management Service (KMS), which allows customers to control their own unique encryption keys to add an additional level of security.

Compliance: Collecting certifications and maintaining requirements

Lucid understands the value of obtaining vital industry security certifications and maintaining local and international requirements. That’s why we’ve invested in our infrastructure and protocols to ensure we build the most trust possible with our customers. 

Recently, Lucid was granted two exciting certifications that demonstrate our continued dedication to security. Those certifications include the ISO 27001 and the CASA certification. Typically, these certifications (especially the ISO 27001) take a considerable amount of time to obtain because the requirements are so intense. 

When Lucid was audited for these certifications, we were able to move through the process at breakneck speed because we were already adhering to so many industry best practices. 

Lucid holds and maintains several compliance certifications, including: 

• GDPR compliant
• PCI compliant
• SOC 2 Type ll audited (representing an external verification of Lucid’s internal processes and controls)
• EU–U.S. and Swiss–U.S. Privacy Shield certification and adherence to their principles
• ISO 27001
• Cloud Application Security Assessment (CASA)
• FedRAMP Authorized

Data governance: Granting unprecedented visibility and control to admins

At Lucid, we believe in data ownership. Lucid claims no ownership over any documents created in our software, and our users retain copyright and any other rights, including all intellectual property rights, on any created documents or content. We’re incredibly passionate about this initiative, and our enterprise features allow organizations to maintain governance of their accounts to better adhere to compliance requirements across many industries.

Lucid’s philosophy when it comes to our customer relationships is that we’re here to be partners. That means we encourage open lines of communication and have intimate conversations with our enterprise partners about their unique needs, concerns, or compliance requirements to ensure the utmost security and peace of mind when investing in Lucid.

Account and document controls

Lucid’s account management tools allow admins to manage their accounts and documents, including various custom security settings and measures. 

A few of Lucid’s key admin settings to manage include: 

• Domain control: Using this feature, new users at your organization are automatically placed under a single Enterprise account that you control.
• Domain restrictions: With this setting, admins can choose whom employees share their documents with or invite to join the account.
• Document sharing: It’s much easier to protect company assets when you know how they’re being distributed, and with document sharing, you get complete control and visibility. 
• Document discovery: Our document discovery feature allows you to search, view, and edit sharing permissions for any documents that your team’s account owns.

You can find even more admin controls, group management capabilities, integrations, and other features on the team settings page. On the team settings page, admins can:

• Restrict publishing and embedding of documents as web pages, exportable documents, and images.
• Restrict the generation of public links to documents.
• Restrict user login to whitelisted IP addresses.
• Create share links that expire.
• Force session timeouts.

Why should you trust Lucid?

Security threats are constantly changing and evolving, which means every software is vulnerable to external and internal threats. Lucid acknowledges the element of unkown and embraces the process of proactively implementing security measures to create the safest possible environment for collaboration. 

Lucid’s commitment to security is why some of the world's largest financial institutions trust us with their data.

You don’t have to take our word for it. In a 2023 commissioned Total Economic Impact™ study conducted by Forrester Consulting on behalf of Lucid, a technology strategy manager in the financial services industry said:

"The Lucid Suite came across as one of the most secure [solutions] in terms of controls [and] compliance, and we have a very heavy-handed assessment."

Our proactive approach and dedication to creating the safest environment possible for visual collaboration help us to build long-lasting relationships with our customers. You can rely on us to fuel secure collaboration and innovation for your teams.