Secure by design, private by default.
Lattice operates on a zero-trust architecture. Your data never leaves your infrastructure and every action is recorded in an immutable audit log.
16
Security layers
AES-256
Encryption at rest
TLS 1.3
Encryption in transit
0
Retention at Sintérgica
Regulatory compliance from the architecture up
Lattice operates on a multi-layer security foundation that meets current Mexican regulation and is ready for international audits.
LFPDPPP
Federal Law on Protection of Personal Data Held by Private Parties. Data handling, consent, and ARCO rights implemented by design.
LGTAIP
General Law on Transparency and Access to Public Information. Access controls and traceability of public information aligned with the regulation.
AES-256 at rest
All stored data is encrypted with AES-256-GCM. Keys are managed with automatic rotation and never exposed in plain text.
TLS 1.3 in transit
All communication between services and clients is encrypted with TLS 1.3. Perfect Forward Secrecy enabled by default on all endpoints.
Granular RBAC
Role-based access control with resource-level policies. Each user accesses only what they need; least privilege by default.
No retention at Sintérgica AI
Sintérgica AI does not store, train on, or process your data on its servers. All computation happens on your infrastructure.
ISO 27001 ready
Architecture and controls aligned with the ISO/IEC 27001 standard for information security management systems.
SOC 2 ready
Controls oriented to AICPA Trust Services criteria: security, availability, processing integrity, and confidentiality.
16 layers enforced by design
Security is not an add-on module; it is enforced by the architecture. The 16 layers operate together on every inference, every agent, every flow and every module of the Lattice ecosystem.
Isolated execution sandbox
All code generated by agents runs in a WebAssembly sandbox or isolated container. Code never touches the host or client network without explicit authorization.
Step-level immutable audit log
Every decision, tool invocation, parameter and result is signed with timestamp and model reference. Exportable for external audit.
Configurable human approvals
Critical actions require human confirmation before execution. Configurable per risk level and per agent from Lattice Org.
Documented compliance
Logs and policies aligned with LFPDPPP and LGTAIP. ISO 27001 and SOC 2 Type II in preparation. Eligible for Mexican public tender.
Secure sessions, no traces on our servers
Lattice's conversational interface was designed for highly regulated environments. Full administrator control over every session and credential.
Sessions with configurable expiration
Each user session has a TTL (time-to-live) defined by the administrator. Inactive sessions are automatically invalidated according to your organization's policy.
- Configurable TTL per role or user
- Automatic closure on inactivity
- Instant revocation from admin panel
User/role-based access control
Access policies at the conversation, agent, and tool level. Segmentation by department, project, or data classification level.
- Agent-level access policies
- Segmentation by department and project
- Permission inheritance and override
No storage on Sintérgica AI servers
Conversation history, attached documents, and session context reside exclusively on the client's infrastructure. Sintérgica AI has no access.
- History on your infrastructure only
- Sintérgica AI has no access to conversations
- Full data sovereignty by design
SSO / LDAP
Native integration with your corporate directory. A single control point for onboarding, offboarding, and access changes.
- SAML 2.0 and OpenID Connect (OIDC)
- Active Directory and LDAP
- Configurable mandatory MFA
Ready for the most demanding regulatory frameworks
Lattice deploys private AI for regulated sectors in Mexico and Latin America. The zero-trust architecture meets the requirements of the leading global standards.
| Framework | Scope | Region | Status | Description |
|---|---|---|---|---|
| LFPDPPP | Personal data | Mexico | Compliant | Federal Law on Protection of Personal Data Held by Private Parties. ARCO rights, explicit consent, and controlled transfers implemented by design. |
| LGTAIP | Public transparency | Mexico | Compliant | General Law on Transparency and Access to Public Information. Traceability of access to government information and classification controls. |
| ISO 27001 | Information security | International | Audit-ready | Information Security Management System (ISMS). Controls A.5–A.18 implemented; architecture ready for certification process. |
| SOC 2 Type II | Service controls | U.S. / Global | Audit-ready | AICPA Trust Services Criteria: security, availability, processing integrity, and confidentiality. Logs and controls ready for third-party audit. |
| HIPAA | Health data | U.S. | Audit-ready | Health Insurance Portability and Accountability Act. Encryption, access controls, and PHI (Protected Health Information) audit prepared for the health module. |
| GDPR | Personal data | European Union | Architecture compatible | General Data Protection Regulation. On-premise data architecture and sovereignty controls compatible with GDPR data residency and transfer requirements. |
Does your industry have specific regulatory requirements?
Sintérgica AI deploys private AI for regulated sectors in Mexico and Latin America. Schedule a security assessment with our team.

