Security Architecture

Theta Lake’s SOC 2, Type 2-audited Compliance Suite is a purpose-built platform that provides automatic detection of regulatory, privacy, and cybersecurity risks in audio, video, chat and other collaboration content. Theta Lake deploys industry-leading security and compliance controls to protect the security, confidentiality, and availability of information stored on the platform. The solution’s technical design is based on our Secure in Transit, Architecture, Rest, Redaction, and Removal (“STAR3”) architecture.

SOC Compliant

Theta Lake has achieved the SOC 2, Type 2 Report for its Compliance Suite. Theta Lake’s System and Organization Controls (SOC) Report is an independent third-party examination report that demonstrates how Theta Lake achieves key compliance controls and objectives. The purpose of this report is to help our clients, prospective clients, and their auditors understand the Theta Lake controls established to support operations and compliance.

The Cloud Security Alliance’s Security Trust Assurance and Risk (“STAR”) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR principles align to industry best practices and the Level 1 self-assessment validates the controls of our cloud-based platform.

Infrastructure Security


All data is encrypted in transit and at rest. Customer-specific 256-bit encryption keys required for access and customer has the option to manage keys independently using Amazon Web Services or Microsoft Azure key management services.

Secure Data Ingestion

Content ingested through customer-authorized APIs and services, or customer-controlled SSL-only uploads

Retention Controls

Customers retain full control over retention and disposition of information in SEC 17a-4, WORM compliant archive

AWS and Azure Security Certifications

Hosted in dedicated server environments at AWS and Azure, which are certified pursuant to multiple compliance and security regimes, such as SOC, ISO, CSA, and others.