Security & Compliance Overview
Last Updated: January 12, 2025
At Langer Labs, we take data security and privacy seriously. As a Marketing Technology Management Provider, we help organizations optimize and manage their MarTech stack while ensuring that client data is handled securely and in compliance with industry best practices.
While we generally do not develop proprietary technology, we manage client data across third-party platforms and local environments. This document outlines the measures we take to protect client data, assess vendor security, and align with leading security frameworks.
Data Handling & Protection
We manage and process client data primarily through third-party marketing technology platforms. Our security practices include:
Data Classification & Handling
- We handle our customers' data, including customer lists, marketing analytics, campaign performance data, and business contact information.
- Data is processed through secure cloud-based platforms and not stored on our internal servers unless explicitly required.
- We do not handle financial data, health records (HIPAA), or personally sensitive information beyond standard marketing data.
Access Controls
- Role-Based Access Control (RBAC): Employees only have access to the data they need to perform their job functions.
- Multi-Factor Authentication (MFA): Required for accessing all client systems and data.
- Least Privilege Principle: Access to client data is restricted and revoked when no longer necessary.
Data Encryption & Secure Storage
- Client data is stored in third-party platforms that utilize AES-256 encryption at rest and TLS 1.2+ encryption in transit.
- Any locally stored data is protected using encrypted storage solutions and secure backup procedures.
Data Retention & Deletion
- We follow client-specific data retention policies, ensuring that data is securely deleted upon request or after contractual obligations are met.
Vendor & Third-Party Security
We will support and use any system as directed by a client to manage their Marketing Technology. For Langer Labs internal systems, we have strict vendor security assessments in place, including:
Vendor Selection & Security Review
- We work only with trusted third-party providers that maintain SOC 2 Type II, ISO 27001, or similar certifications.
- Before engaging with a vendor, we review their security policies, compliance reports, and risk management measures.
Ongoing Vendor Risk Management
- We conduct annual security reviews of Langer Labs internal systems.
- If a vendor fails to meet security standards, we work to transition to a compliant alternative.
Cloud & Hosting Security
- For internal Langer Labs systems, we primarily use Microsoft and other major cloud providers with strong security measures.
- These platforms comply with the SOC 2 and ISO 27001 standards and with the GDPR and CCPA regulations.
Compliance & Industry Standards
While we are not yet SOC 2 or ISO 27001 certified, our security framework aligns with these industry best practices.
GDPR & CCPA Compliance
- We ensure compliance with data privacy laws by not collecting or storing consumer data beyond what is necessary for business operations.
- We support Data Subject Access Requests (DSARs) and allow clients to request data access or deletion.
Employee Security Training & Awareness
- All employees undergo annual security awareness training covering phishing prevention, data handling, and privacy regulations.
- We enforce strict password policies and access controls for all client-facing systems.
Incident Response & Business Continuity
- We have an Incident Response Plan in place to detect, respond to, and mitigate security incidents.
- In the event of a data breach, we follow standard breach notification procedures in compliance with applicable laws.
Our Commitment to Security
At Langer Labs, we are committed to continuously improving our security practices and aligning with industry standards. While we are not yet formally certified under SOC 2 or ISO 27001, we implement best practices that meet these frameworks.
If you have any questions about our security policies or require additional details, please contact us.