Security

Information security and data privacy

Far beyond your contracts, netLex makes your business operations safer in every way. From software development to customer use, our focus is on protecting your data and ensuring the integrity of your information.

Your data security is our priority

We use a set of best practices and policies to ensure data protection and security

Compliance

ISO 27001: ISO 27001 is the widely adopted international standard that specifies the requirements for an information security management system (ISMS).

SOC 2 Type 1: SOC 2 Type 1 report covering security, availability, integrity and confidentiality. A Type 1 report attests to the design of controls at a point in time.

SOC 2 Type 2: SOC 2 Type 2 report covering security, availability, integrity and confidentiality. A Type 2 report attests to the operating effectiveness of those controls over a review period.

Infrastructure Security

Amazon Web Services: netLex hosts all of its services in AWS data centers and uses AWS Shield for protection against DDoS attacks.

1. Compliance

Security Compliance

We use best practices and standards to ensure security and privacy.

SOC 2 Type I - We undergo routine audits to receive SOC 2 Type I reports, which are available upon request and subject to a non-disclosure agreement (NDA). The latest SOC 2 Type I report can be requested by email at infosec@netlex.com.br.

SOC 2 Type II - We undergo routine audits to receive updated SOC 2 Type II reports, which are available upon request and subject to a non-disclosure agreement (NDA). The latest SOC 2 Type II report can be requested by email at infosec@netlex.com.br.

ISO 27001:2013 - We are ISO 27001:2013 certified. For more information, click here.

The netLex infrastructure runs on Amazon Web Services (AWS), whose security controls are independently audited and certified. For more details on AWS compliance click here.

Compliance and Regulations

netLex supports its customers in complying with the LGPD by simplifying data governance. As an operator of personal data (the LGPD term for a data processor), we guarantee security and efficiency in its management. In addition, netLex has an Internal Data Protection Policy that is part of the onboarding of all employees and is periodically reinforced through training.

GDPR - Our activities comply with the General Data Protection Regulation of the European Union (GDPR), which governs the data protection and privacy of all citizens of the European Union.

LGPD - Our activities comply with the General Data Protection Law (Law No. 13,709 of August 14, 2018, the LGPD), which governs the processing of personal data, including in digital media, by natural persons or by public or private legal entities, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person. For details on what information we collect and how we use, share and store it, please see our privacy policy by clicking here.

2. Cloud Security

Physical security - All of our infrastructure runs on Amazon Web Services (AWS), which manages physical and environmental security. AWS data centers have emergency power sources, fire suppression equipment, guards, fences, an internal security system and other measures, which are described in more detail in the AWS controls and security measures information sheet here. In addition, our internal security program covers physical security in our office.

Infrastructure Security - Data is hosted in AWS data centers that meet standards such as ISO 27001, PCI DSS, SOC 2 and others. For more details on AWS compliance click here.

Network Security - Our network is protected using leading AWS security services, regular audits and network monitoring. For more details on the AWS security infrastructure click here.

Availability and Continuity - netLex maintains 24/7 active monitoring and follows incident management best practices; the system availability status page and incident history can be accessed here. Our disaster recovery program ensures that our services remain available and recover quickly, minimizing impact in a disaster scenario.

Actions and Activity Logs - Logs of actions and activities, such as modifying settings and creating or deleting assets in production subscriptions, are retained to support audits and investigations whenever necessary.

Monitoring - Actions are monitored through a dashboard and alerts that check the environment's compliance with the security policies in force.

3. Application Security

Secure Development (SDLC) - In addition to the controls and tests performed during implementation, we build secure development skills in-house. To this end, we provide training that covers the OWASP Top 10 security risks, common attack vectors and security controls.

Segregation of environments - Development, staging (approval) and production environments are separated, each with its own access permissions. The production environment follows the principle of least privilege, and no production data is used in our development or test environments.

Pentest execution - Every year, we hire an independent third-party company to perform a gray-box pentest.

Static Code Analysis - SAST - Every build pipeline is examined by a static code analysis tool that evaluates categories of software defects including code smells, vulnerabilities and security hotspots.

Software Composition Analysis - SCA - Third-party components and libraries are inventoried and checked for known vulnerabilities.

Source code storage - Source code is stored in a private Git repository; access is restricted to authorized users through the repository's built-in authentication.

Secret Management - Sensitive application information such as API keys and database passwords is stored in a secrets vault with an activity log and restricted network access.

Dedicated Security Team - Our security team is available to respond to security alerts and events.

4. Product Security

Authentication - netLex natively supports SSO with the SAML 2.0 and LDAP protocols. For details on this configuration, click here.

Access control - Granular role-based access control with permission levels, following the RBAC model, which can be integrated with SSO for authorization in addition to authentication.

IP Restrictions - For integrations, netLex can be configured to allow API access only from specifically defined IP address ranges.

Response to security incidents - In the event of a security incident, the team responsible for incident management is activated. This team is trained in security incident response processes, with the aim of taking quick action to minimize impact.

5. Data Security

Encryption - We use strong encryption standards to protect data at rest and in transit between netLex customers and the AWS cloud service provider.

  • Data Encryption in Transit - All communication with the netLex interface and APIs is encrypted by the HTTPS/TLS standard (TLS 1.2 or later) over public networks.
  • Data encryption at rest - Data is encrypted at rest on AWS using the AES-256 cryptographic algorithm.
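The "TLS 1.2 or later" statement above is a server-side policy that a practitioner will want to verify rather than take on trust. The following Go program is an added example, not netLex's own code: it builds a throwaway self-signed certificate for a hypothetical host name (`app.netlex.example`), configures an in-memory TLS server with `MinVersion: tls.VersionTLS12`, and shows that a client limited to TLS 1.0/1.1 is refused during the handshake while a modern client negotiates a compliant version. The same client-side configuration (`RootCAs`, `ServerName`, `MinVersion`) is what an integration calling the netLex API should use.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA P-256 certificate for host so the
// example runs offline; host is a hypothetical placeholder, not a real endpoint.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts exactly this certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// handshake runs one TLS handshake over an in-memory pipe and returns the
// negotiated protocol version, or the client-side handshake error.
func handshake(srvCfg, cliCfg *tls.Config) (uint16, error) {
	srvConn, cliConn := net.Pipe()
	srv := tls.Server(srvConn, srvCfg)
	cli := tls.Client(cliConn, cliCfg)
	done := make(chan error, 1)
	go func() {
		done <- srv.Handshake()
		srvConn.Close() // close the raw pipe; a TLS-level Close would wait for a peer read
	}()
	err := cli.Handshake()
	cliConn.Close()
	<-done
	if err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

// CheckMinimumTLS reports whether a TLS 1.0/1.1-only client is refused by a
// server pinned to TLS >= 1.2, and which version a modern client negotiates.
func CheckMinimumTLS(host string) (legacyRejected bool, negotiated uint16, err error) {
	cert, pool, err := selfSignedCert(host)
	if err != nil {
		return false, 0, err
	}
	server := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12, // the policy under test
		SessionTicketsDisabled: true,             // keeps the in-memory pipe from stalling
	}
	// A client that can only speak TLS 1.0/1.1 must be turned away at the handshake.
	legacy := &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11}
	if _, err := handshake(server, legacy); err == nil {
		return false, 0, nil
	}
	// A client that verifies the certificate and requires TLS >= 1.2 succeeds.
	modern := &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12}
	v, err := handshake(server, modern)
	if err != nil {
		return true, 0, err
	}
	return true, v, nil
}

func main() {
	rejected, v, err := CheckMinimumTLS("app.netlex.example")
	if err != nil {
		panic(err)
	}
	fmt.Printf("legacy client rejected: %v, modern client negotiated version 0x%04x\n", rejected, v)
}
```

Against a live endpoint the same check is `openssl s_client -connect host:443 -tls1_1`, which should fail, followed by `-tls1_2`, which should succeed; the in-memory pipe here only removes the network so the policy itself can be exercised offline. With current Go defaults the modern client lands on TLS 1.3, which is why the example asserts on "1.2 or later" rather than a single version.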

Backups - Backups are automatic and geographically dispersed. Strong backup protection controls are applied and restore tests are performed frequently.

Data Storage Location - Data is stored in AWS data centers in the US, Europe and South America. Customers can choose the region in which their data is stored.

6. Human Resources Security

Culture and awareness - Our culture and awareness program aims to train all netLex employees and make information security a natural part of everyday work. New employees are trained by the Information Security team during onboarding, before starting their activities, on the Information Security Policy (PSI), the General Data Protection Law (LGPD) and other topics.

Teams routinely receive training from the Information Security team on security and privacy topics, and netLex's internal communication channels are used to keep all employees informed about security matters, raising awareness and keeping everyone up to date with the Information Security Policy (PSI).

Information Security and Compliance Committee - We have an Information Security and Compliance Committee with members from different teams. Its objective is to identify security needs, act proactively on possible risks to projects, and discuss internal information security actions at netLex.

7. Useful links