// Trust & Security Report

    Lateral GmbH logo

    Lateral GmbH

    AI-powered document navigation and research collaboration tool for organizing and discovering insights across documents. Sunsetted as of June 26, 2025. Transitioning users to coordination.network.

    Certifications held

    0

    Maturity

    Startup

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 11 unconfirmed / not-held certifications
    SOC 2 (Type 1 or Type 2)
    NOT CONFIRMED

    No mention of SOC 2 certification on vendor domain. Legal pages overview and privacy policy do not reference SOC 2 compliance.

    source: lateral.io
    ISO 27001
    NOT CONFIRMED

    No mention of ISO 27001 certification on vendor domain. Legal pages and privacy policy contain no reference to this standard.

    source: lateral.io
    GDPR Compliance
    NOT CONFIRMED

    Privacy policy cites GDPR articles and legal bases for processing, and notes appointment of a data protection officer (Bitkom Servicegesellschaft mbH), but does not claim GDPR certification or adequacy determination. GDPR compliance is a legal requirement in EU, not a certification.

    source: lateral.io
    HIPAA
    NOT CONFIRMED

    No mention of HIPAA or healthcare compliance on vendor domain or legal documents.

    source: lateral.io
    ISO 27017 (Cloud Controls)
    NOT CONFIRMED

    No public evidence of ISO 27017 certification.

    source: lateral.io
    ISO 27018 (Cloud PII Controls)
    NOT CONFIRMED

    No public evidence of ISO 27018 certification.

    source: lateral.io
    ISO 27701 (Privacy Extension)
    NOT CONFIRMED

    No public evidence of ISO 27701 certification.

    source: lateral.io
    PCI DSS
    NOT CONFIRMED

    No mention of PCI DSS or payment card compliance on vendor domain.

    source: lateral.io
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization.

    source: lateral.io
    ISO/IEC 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification.

    source: lateral.io
    CSA STAR AI
    NOT CONFIRMED

    No public evidence of CSA STAR AI certification.

    source: lateral.io

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    EU (Germany-based company, GDPR compliant processing, standard contractual clauses for US transfers mentioned in privacy policy)

    Privacy policy states: 'We only use them to train your AI recommendations, we do not use them to train our underlying AI solution.' Customer research documents, findings, and notes are not used to train the core underlying AI model, only for within-app recommendation features. However, product is now sunsetted (as of June 2025), so data handling is no longer active.

    // Security controls

    Encryption in transit

    All communication between browser and servers is encrypted

    lateral.io

    Code security reviews

    Regular security checks on codebase performed

    lateral.io

    Dependency updates

    Codebase and external software components regularly updated

    lateral.io

    Database access controls

    Only a limited set of engineers have access to production database

    lateral.io

    Data backups

    Regular backups of databases performed

    lateral.io

    Data retention (web visitors)

    Log files and IP addresses deleted within 30 days

    lateral.io

    Data protection officer

    Appointed DPO: Bitkom Servicegesellschaft mbH (Germany)

    lateral.io

    // Products & data scope

    Lateral Research PlatformResearch Collaboration / Document AI

    data: User research documents, findings, notes, projects

    Core product: AI-assisted navigation and organization of research documents. Sunsetted June 26, 2025. Features included client-side search, AI-powered recommendations, project organization. Users directed to coordination.network as successor platform.

    // What to watch

    • PRODUCT SUNSETTED: Lateral ceased operations June 26, 2025. No longer accepting signups. Users migrating to coordination.network.
    • NO ENTERPRISE SECURITY CERTIFICATIONS: No SOC 2, ISO 27001, HIPAA, FedRAMP, or ISO 27017/27018/27701 certifications held. Given research data sensitivity, lack of formal certs is notable gap.
    • OUTDATED PRIVACY POLICY REFERENCE: Privacy policy mentions Google Privacy Shield certification, which was invalidated in 2020. Indicates policy may not have been recently refreshed.
    • DPA AVAILABLE: Data Processing Agreement provided, indicating GDPR-aware legal setup.
    • LIMITED TRANSPARENCY: No dedicated trust center or security whitepaper published.
    • FOUNDER TRANSPARENCY: Five named co-founders with clear division of responsibilities (Martin Karlsson CEO, Felix Groenemeyer CCO, Ben Wilson CSO, Max CTO, Jann Kleen VP Eng).

    // At a glance

    Pricing model

    SaaS subscription (specific tiers unknown, product sunsetted)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Lateral GmbH's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    lateral.io

    > Browse all vendor trust reports