When it comes to security, trust is crucial. As threats evolve and new technology challenges emerge, LastPass remains unwavering in our commitment to security.
That’s why we leverage our Trust Center to maintain open communication with you, our customers, so that you can be confident in our product and company. Through the Trust Center, LastPass shares our investments in security, data encryption processes, organizational-level protocols, and more.
Additionally, we provide visibility into our company and product security, down to our encryption standards and security team structure. You can vet our strategy and product architecture with the information provided, so that you can continue to feel confident in our ability to safeguard your data.
We've built the LastPass Trust Center around four essential principles: Security, Privacy, Compliance, and Transparency. Let’s take a closer look at the Privacy principle and what that means for your data.
What is data privacy?
Privacy means lawfully and transparently handling your data. LastPass adheres to global privacy policies that detail what information we collect and why, along with your rights regarding that data. In addition, you stay in control by choosing which in-app analytics we can gather to improve product performance.
LastPass’s data privacy program aligns with today’s relevant privacy regulations and rules. Our program includes, but is not limited to:
- Australia’s Privacy Act (1988)
- Brazil’s General Data Protection Law (LGPD)
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Virginia Consumer Data Privacy Act (VCDPA)
- General Data Protection Regulation (GDPR)
- Singapore’s Personal Data Protection Act (PDPA)
- United Kingdom’s Data Protection Act (2018)
LastPass and data privacy measures
Reflecting our commitment to maintaining the highest standards for managing personal data, LastPass is a participant in TRUSTe’s Enterprise Privacy & Data Governance Certification program. This seal and certification are based on requirements governing data privacy management practices, which demonstrate responsible, ethical, and legally compliant data collection and processing practices.
We've also obtained the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) certifications.
To help ensure sufficient service availability, uptime, and redundancy, we deploy a combination of geographically distributed physical co-location facilities and cloud hosting providers that replicate in near-real-time.
We also implement and maintain the appropriate technical and organizational measures to preserve data confidentiality, integrity, and availability. This includes detailed information regarding LastPass’ zero-knowledge encryption capabilities and other comprehensive security measures. Learn more about our technological and organizational measures here.
Finally, we do not disclose customer information unless presented with a valid warrant, subpoena, court order, or equivalent legal process. You can learn more about the LastPass Government Request Policy here.
Since day one at LastPass, we've striven to go beyond industry expectations in our level of transparency with customers. With the Trust Center – and our commitment to data privacy, we seek to meet our customers' security needs and set a new benchmark for how companies should communicate and build trust with their users. Through higher standards for ourselves, we aim to raise the standards for the industry as a whole.
