Your system runs on Intercom or Gorgias, depending on your build. Both are enterprise platforms with independently audited security programs. This article covers what they hold, and where LucentLayer's own practices sit.
Intercom (B2B and SaaS builds)
Standard | What it means |
SOC 2 Type II | Independently audited controls, tested over a sustained period rather than at a single point Intercom |
ISO 27001:2022 | Certified information security management system — the policies, procedures, and controls governing how critical data is managed and protected Intercom |
ISO 27018 | Code of practice for protecting personally identifiable information in public cloud environments Intercom |
ISO 27701 | Privacy information management |
ISO/IEC 42001:2023 | The international standard for AI management systems, covering AI governance and monitoring |
GDPR and CCPA | GDPR compliance since it came into effect, with features enabling customers to meet their own obligations Intercom |
HIPAA | Attestation report maintained since 2021, renewed annually, covering the handling of protected health information Intercom |
Gorgias (E-Commerce Builds)
Standard | What it means |
SOC 2 Type II | Independently audited security controls |
GDPR | Data processing agreement covering EU and UK GDPR, with standard contractual clauses for international transfers Gorgias |
LucentLayer's Own Practices
We hold administrator access to your workspace and scoped access to your connected tools. That access is:
Granted by you, visible in your settings, and revocable at any time
Limited to the permission level the work requires, and we tell you the reason for each
Held by named individuals rather than shared credentials
Removed immediately on offboarding
AI and Your Data
Both platforms process customer conversations through their AI agents. How that data is used, retained, and whether it contributes to model training is governed by the data processing agreement between the platform and you.
If this matters to your compliance position, raise it during scoping and we'll walk you through exactly where the settings sit and what the agreement says.
For Your Procurement Team
We can supply certification reports, data processing agreements, subprocessor lists, and completed security questionnaires. Intercom's trust center is self-serve if your team prefers to pull documents directly.
💬 Still Have Questions?
Need more help? Our team responds to every message within 24 hours. Start a conversation and we'll point you in the right direction.
