Security

Last updated: 25th Oct 2025

Overview

Layla follows industry good practices for cloud-native security, covering encryption, access control, application security, safety systems, vendor management, and incident response.

Data protection

  • Encryption: TLS 1.2+ in transit; strong encryption at rest for databases and backups.
  • Secrets management: secure vaulting with rotation; separate keys per environment.
  • Backups: encrypted, integrity-checked, and periodically tested for restore.

Access control

  • Role-based access and least privilege for engineering and support.
  • Multi-factor authentication for production/admin consoles.
  • Centralized audit logs for access and admin actions with retention.

Application security

  • Secure SDLC: peer reviews, dependency scanning, SAST/SCA in CI, and pre-release checks.
  • Vulnerability management: periodic scans, penetration tests, and timely patching.
  • Abuse prevention: rate limiting, anomaly detection, and content moderation controls.

Infrastructure

  • Segregated environments (dev/stage/prod) and network segmentation.
  • Firewalls/security groups restricting ingress/egress; DDoS mitigation via cloud controls.
  • Configuration hardening and continuous posture assessment.

Model and safety systems

  • Content filters to reduce harmful outputs; protections for minors and self-harm signals.
  • Human escalation pathways for critical safety events where lawful and appropriate.
  • Logging and review focused on safety, not surveillance.

Payments

Handled by PCI DSS–compliant providers. Layla does not store full card numbers.

Incident response

  • Documented runbooks and on-call rotation.
  • Breach notifications to users/regulators as required by law, within applicable timelines.

Vendor management

  • Data Processing Agreements with key vendors and subprocessors.
  • Security due diligence and periodic reviews for critical providers.
  • Geographic data mapping and controls for cross-border processing.

User controls

  • Export and delete your data via settings or by emailing grievance@talktolayla.com.
  • Manage active sessions and device logouts from your account.

Responsible disclosure

Report vulnerabilities to support@talktolayla.com. Good-faith research is welcomed under coordinated disclosure.

Compliance roadmap

  • Alignment with India’s DPDP Act (consent, notices, rights handling, grievance redressal).
  • IT Rules diligence and content moderation standards.
  • Periodic readiness reviews (e.g., ISO 27001) as the company scales.