Secure by design, private by default.
Lattice operates on a zero-trust architecture. Your data never leaves your infrastructure and every action is recorded in an immutable audit log.
16
Security layers
AES-256
Encryption at rest
TLS 1.3
Encryption in transit
0
Retention at Sintérgica
Regulatory compliance from the architecture up
Lattice operates on a multi-layer security foundation that meets current Mexican regulation and is ready for international audits.
LFPDPPP
Federal Law on Protection of Personal Data Held by Private Parties. Data handling, consent, and ARCO rights implemented by design.
LGTAIP
General Law on Transparency and Access to Public Information. Access controls and traceability of public information aligned with the regulation.
AES-256 at rest
All stored data is encrypted with AES-256-GCM. Keys are managed with automatic rotation and never exposed in plain text.
TLS 1.3 in transit
All communication between services and clients is encrypted with TLS 1.3. Perfect Forward Secrecy enabled by default on all endpoints.
Granular RBAC
Role-based access control with resource-level policies. Each user accesses only what they need; least privilege by default.
No retention at Sintérgica AI
Sintérgica AI does not store, train on, or process your data on its servers. All computation happens on your infrastructure.
ISO 27001 ready
Architecture and controls aligned with the ISO/IEC 27001 standard for information security management systems.
SOC 2 ready
Controls oriented to AICPA Trust Services criteria: security, availability, processing integrity, and confidentiality.
16 independent security layers
Each Lattice agent operates inside a sandbox with 16 autonomous security barriers. A failure in one layer does not compromise the others.
Built in Rust
The agent engine runtime is written in Rust, eliminating entire classes of memory-safety vulnerabilities (buffer overflow, use-after-free, data races).
Process isolation
Each agent runs in its own isolated process with dedicated memory space. A compromised agent cannot read or modify the context of others.
Granular permissions
Atomic control over which data, tools, and APIs each agent can invoke. Permissions declared explicitly; implicit deny by default.
Immutable audit log
Every agent action — read, write, tool invocation — is recorded in a cryptographically signed append-only log.
Secure sessions, no traces on our servers
Lattice's conversational interface was designed for highly regulated environments. Full administrator control over every session and credential.
Sessions with configurable expiration
Each user session has a TTL (time-to-live) defined by the administrator. Inactive sessions are automatically invalidated according to your organization's policy.
- Configurable TTL per role or user
- Automatic closure on inactivity
- Instant revocation from admin panel
User/role-based access control
Access policies at the conversation, agent, and tool level. Segmentation by department, project, or data classification level.
- Agent-level access policies
- Segmentation by department and project
- Permission inheritance and override
No storage on Sintérgica AI servers
Conversation history, attached documents, and session context reside exclusively on the client's infrastructure. Sintérgica AI has no access.
- History on your infrastructure only
- Sintérgica AI has no access to conversations
- Full data sovereignty by design
SSO / LDAP
Native integration with your corporate directory. A single control point for onboarding, offboarding, and access changes.
- SAML 2.0 and OpenID Connect (OIDC)
- Active Directory and LDAP
- Configurable mandatory MFA
Ready for the most demanding regulatory frameworks
Lattice deploys private AI for regulated sectors in Mexico and Latin America. The zero-trust architecture meets the requirements of the leading global standards.
| Framework | Scope | Region | Status | Description |
|---|---|---|---|---|
| LFPDPPP | Personal data | Mexico | Compliant | Federal Law on Protection of Personal Data Held by Private Parties. ARCO rights, explicit consent, and controlled transfers implemented by design. |
| LGTAIP | Public transparency | Mexico | Compliant | General Law on Transparency and Access to Public Information. Traceability of access to government information and classification controls. |
| ISO 27001 | Information security | International | Audit-ready | Information Security Management System (ISMS). Controls A.5–A.18 implemented; architecture ready for certification process. |
| SOC 2 Type II | Service controls | U.S. / Global | Audit-ready | AICPA Trust Services Criteria: security, availability, processing integrity, and confidentiality. Logs and controls ready for third-party audit. |
| HIPAA | Health data | U.S. | Audit-ready | Health Insurance Portability and Accountability Act. Encryption, access controls, and PHI (Protected Health Information) audit prepared for the health module. |
| GDPR | Personal data | European Union | Architecture compatible | General Data Protection Regulation. On-premise data architecture and sovereignty controls compatible with GDPR data residency and transfer requirements. |
Does your industry have specific regulatory requirements?
Sintérgica AI deploys private AI for regulated sectors in Mexico and Latin America. Schedule a security assessment with our team.

