Lokalise security measures

Here at Lokalise, data security has been of paramount importance since day one. More than 1500 happy customers entrust Lokalise with their business data. Every day, we make sure each and every one of Lokalise users stays protected and is well taken care of. And it doesn't matter whether you're a small local brand or a high-profile organization – your data is safe with Lokalise.

  • icon_certificate
    SOC 2 Type 2

    Lokalise Inc. is SOC 2 Type 2 certified. The SOC 2 Type 2 compliance demonstrates that Lokalise’s security policies, measures, and procedures rigorously protect the consumer data managed by the Lokalise Translation Management Platform/System.

  • icon_gpr
    GDPR compliance

    We know our part to play in protecting our customers’ privacy and personal data. Lokalise appointed a Data Protection Officer to monitor our own compliance. DPO is available to our customers to discuss data privacy issues via

  • icon_privaci
    Data Privacy Practices

    Lokalise Inc. complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the processing and transferring personal data.

  • icon_monitored

    Monitored 24/7/365

  • icon_uptime

    Uptime 99.9% or higher

  • icon_sound

    Sound business ethics

Information security management

Our Information Security Policy is based on the guidelines of ISO/IEC 27001. Our Information Security Policy outlines Lokalise's approach to the protection of our systems and data. Each policy, standard and guideline has an Owner to ensure the security of information security at Lokalise. Owners are responsible for managing the risks outlined in the Policy Objective. We carry on regular internal and external audits to examine our compliance with general requirements of ISO 27001, SOC2, HIPAA, and PCI DSS.

Human resources security

Lokalise has sound business ethics, which are maintained by hiring and retaining high-quality personnel. All employees know their responsibilities and roles in connection with information security. That way, we minimize the risk of human error such as theft, fraud, and misuse of information assets.

Access control

Lokalise uses role-based security architecture and requires users of the system to be identified and authenticated prior to the use of any system resources. All resources are managed in the asset inventory system, and each asset has its owner. Your employees can access the company services through the Internet using the SSL functionality of their web-browser. The employees must supply a valid Google account to gain access to customer cloud resources.


We use encryption technologies to protect customer data both at rest and in transit.

Physical and environmental security

Access to our offices is restricted and enforced by security personnel services. When confidential information is physically stored on our premises, access is only available to authorized personnel.

Operational security

  • Servers

    Our files and virtual machines are hosted with the largest managed cloud provider trusted globally for its reliable network. Hetzner adheres and is regularly audited for the DIN ISO/IEC 27001 certification standard. We also distribute content via Amazon S3.

  • Change management

    All servers are updated in the monthly service window. That way we ensure the production servers do NOT have critical or important updates older than 30 days.

  • System monitoring and alerting

    The Lokalise system is monitored 24/7/365 by different monitoring tools. Our uptime is 99.9% or higher. Critical alerts are immediately sent to the DevOps team and escalated to operations management and incident response procedure. Want to see for yourself? Check our past month statistics here

  • Backups

    We do full daily automated and encrypted backups of our databases. Customer data is backed up and monitored by operations personnel for completion and exceptions.

  • Data

    Production customer data is encrypted in transit and at rest. We use most up-to-date SSL/TLS versions for securing the data. At rest data is encrypted using AES algorithms. We anonymize production data before using it in Development or Test environments.

System development and maintenance

Our software development process includes extensive code reviews during the code development phase and before code is pushed to production. We also perform regular audits and checks against known security flaws, including the OWASP Top Ten.

Supplier relations

Lokalise has designed and implemented controls to monitor our vendors. In addition, Vendor agreements, including any security, availability, and confidentiality commitments, are reviewed by appropriate Lokalise management during the risk management process. Prior to services rendered, vendors are also required to sign the vendor agreements.

Business continuity management

Redundancy is built into the system infrastructure to help ensure that there is no single point of failure – and this includes firewalls, routers, and servers. In the event that a primary system fails, the redundant hardware is configured to take its place. Penetration testing is conducted to measure the security posture of a target system or environment. Every nine months, we perform a simulation to test the Lokalise disaster recovery plan.

Governance, Risks and Compliance

Lokalise designs its processes and procedures related to meet its business objectives for its services. Those objectives are based on the service commitments that Lokalise makes to user entities, the laws and regulations that govern the provision of the services, and the financial, operational, and compliance requirements that Lokalise has established. Security commitments to user entities are documented and communicated in Service Level Agreements (SLAs) and the general Terms of Service available at /terms, as well as in the description of the service offering provided online. Security principles within the fundamental designs under GDPR that are designed to permit system users to access the information they need based on their role in the system while restricting them from accessing information not needed for their role.

What happens in case of incidents?

Incident response policies and procedures are in place to guide our team in reporting and responding to information system incidents. Lokalise monitors the capacity utilization of virtual to ensure that service delivery matches service level agreemen

Do you have a security concern you'd like to discuss with us or any vulnerability regarding Lokalise services you'd like to report? Don't hesitate to contact us at

Localization made easy. Why wait?

Try for free or let us show you how it works.

Try it free