Military-Grade Encryption

End-to-End Encryption Technology

Your Data Belongs Only to You and is Mathematically Secure

Lextum uses cryptographic standards used by banks to protect your data. Your files are always encrypted while stored on our servers (At-Rest) and while being transported over the internet (In-Transit).

Always-On Encryption

Data Protection in Motion and at Rest

Data security covers not only storage but also the transfer process. Lextum applies encryption at every stage of the data life cycle.

User

Browser / App

TLS 1.3

In-Transit

Lextum Servers

AWS Frankfurt

AES-256

At-Rest

Database

Encrypted Storage

During Transfer (In-Transit)

All communication between your browser and Lextum servers is encrypted with TLS 1.3 (Transport Layer Security) protocol. Your data cannot be read by anyone while traveling over the internet.

During Storage (At-Rest)

Every byte of data residing in our databases and file servers is written to disk encrypted with the AES-256-GCM standard. Even if the physical disk is stolen, the data consists of meaningless characters.

Cryptographic Standards We Use

We don't leave security to chance. We use the industry's most accepted and theoretically unbreakable algorithms.

At-Rest Encryption

AES-256-GCM

Your data is stored on disk with the Advanced Encryption Standard (AES) 256-bit algorithm. This standard is the world's most secure encryption method.

In-Transit Encryption

TLS 1.3

All data transfers are protected by the latest versions of the Transport Layer Security (TLS) protocol. Provides full protection against 'Man-in-the-middle' attacks.

Password Security

Argon2 Hashing

User passwords are never stored as plain text. They are made irreversible with a strong hash algorithm (Argon2id) and 'salting' method.

AWS Key Management Service

Key Management

Another issue as important as encryption is how the keys that will decrypt are stored. Lextum uses AWS KMS (Key Management Service) for key management.

Hardware Security Module (HSM)

Our keys are stored in special hardware protected against physical intervention.

Otomatik Rotasyon

Encryption keys are automatically renewed at certain periods.

Strict Access Control

Access to keys is not given directly to anyone, including system personnel.

Audit Logs

All key usages are recorded and monitored.

Bring Your Own Key (BYOK)

We offer Bring Your Own Key support for our corporate customers. You can manage your own encryption keys and keep 100% data sovereignty.

Enterprise Plan

Security is Not an Option, It's a Standard.

Your legal data is protected by the highest encryption standards. Enjoy a secure working environment without getting bogged down in technical details.