Security

Protection for every customer conversation.

Lamdesk brings support, campaigns, AI agents, voice, and live chat into one workspace. Security is built around access, transport, browser controls, and careful handling of customer data.

Report a vulnerability Contact security

Browser

Protected

Access

Workspace

Reports

Direct

Security posture

Active

CSP

Restrict unsafe loading

HSTS

Prefer HTTPS

Frame guard

Block embedding

Workspace access

User, channel, and customer context

Authenticated session

Customer timeline

AI handoff review

Security report route

Security model

A practical security baseline for customer engagement.

The platform combines browser-level protections, workspace access patterns, secure routing, and operational controls.

Transport security

Lamdesk is served over HTTPS and the frontend sets HSTS, frame protection, content type protection, and strict referrer controls.

HTTPS firstHSTS headerClickjacking protection

Workspace access

Teams can organize access around workspaces, authenticated sessions, user profiles, and role-aware product areas.

Authenticated accessWorkspace boundariesSession controls

Customer data care

Conversations, contacts, campaigns, and workflow activity are treated as customer business data and kept inside the workspace context.

Customer recordsConversation historyOperational context

Application hardening

The app uses a security header baseline including CSP, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, and COOP/CORP controls.

CSPPermissions-PolicyCOOP/CORP

AI safeguards

AI agents are designed to work inside support and campaign workflows with human handoff for sensitive or unclear conversations.

Human handoffWorkflow limitsReviewable outputs

Responsible reporting

Security concerns can be reported directly to Lamdesk so the team can triage, investigate, and coordinate fixes.

security@lamdesk.comTriageCoordinated fixes

Controlled workflow

Customer data path

Channel eventChat, WhatsApp, voice, email, campaign reply01

Workspace contextCustomer, conversation, owner, tags, history02

AI or team actionReply, summarize, route, escalate, or resolve03

Audit-ready outcomeStatus, notes, handoff, and follow-up stay visible04

Security checkpoint

AccessHeadersHandoff

Operational security

Keep support, campaigns, and AI work inside controlled workflows.

Lamdesk is designed for teams that handle real customer data every day: conversations, contact details, channel history, campaign replies, and AI-assisted handoffs.

Sensitive moments stay reviewableAI and automation can hand off unclear, billing, sales, or support-critical cases.

Workspace context limits confusionTeams operate from a shared customer timeline instead of scattered channel tools.

Security reports go directResearchers and customers can contact security@lamdesk.com for review.

Technical controls

Security details users can actually inspect.

These are concrete protections visible in the app configuration and product architecture.

Content Security PolicyRestricts scripts, frames, media, fonts, connections, and object loading.

Strict Transport SecurityEncourages browsers to use HTTPS for the Lamdesk domain.

Frame protectionUses X-Frame-Options and frame-ancestors controls to reduce clickjacking risk.

Content type protectionUses X-Content-Type-Options to prevent MIME sniffing.

Permissions policyLimits browser capabilities such as camera, geolocation, USB, and sensors.

API separationFrontend API routes are proxied to the backend through defined rewrite rules.

Shared responsibility

Secure workspaces also need good team practices.

Lamdesk gives teams a controlled workspace. Customers should still manage access, channels, AI prompts, and integrations carefully.

Use strong passwords and unique admin accounts.

Grant workspace access only to people who need it.

Review connected channels and integrations regularly.

Remove inactive users when teammates leave.

Keep AI instructions specific and review automated workflows before launch.

Report suspicious activity or security concerns quickly.

Vulnerability report

Send enough detail for fast triage.

Affected URL or workspace area

Steps to reproduce

Impact and severity

Screenshots or safe proof of concept

security@lamdesk.com

FAQ

Security questions.

Clear answers for teams reviewing Lamdesk for support, marketing, and automation.

Does Lamdesk use HTTPS?

Yes. Lamdesk is configured for HTTPS delivery and security headers such as HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.

Does Lamdesk sell customer conversation data?

No. Lamdesk is built as a customer engagement workspace; customer conversations and contact data are handled for product operation, support, campaigns, and automation.

Can we report a vulnerability?

Yes. Send security reports to security@lamdesk.com with affected URL, reproduction steps, impact, and any safe proof-of-concept details.

Is this page a compliance certificate?

No. This page explains Lamdesk security practices and product safeguards. For formal security questionnaires or vendor review, contact security@lamdesk.com.