Here at Lokalise, data security has been of paramount importance since day one. More than 1500 happy customers entrust Lokalise with their business data. Every day, we make sure each and every one of Lokalise's users stays protected and is well taken care of. And it doesn't matter whether you're a small local brand or a high-profile organization – your data is safe with Lokalise.
Lokalise security measures
Lokalise Inc. is SOC 2 Type 2 certified. The SOC 2 Type 2 compliance demonstrates that Lokalise’s security policies, measures, and procedures rigorously protect the consumer data managed by the Lokalise Translation Management Platform/System.
We know our part to play in protecting our customers’ privacy and personal data. Lokalise appointed a Data Protection Officer to monitor our own compliance. The DPO is available to our customers to discuss data privacy issues via firstname.lastname@example.org
Lokalise Inc. complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the processing and transfer of personal data.
Uptime 99.9% or higher
Sound business ethics
Our information security policy defines the Lokalise approach to how systems and data are protected. To keep our policy, standards, and guidelines secure, each policy has an Owner who's responsible for managing the risk outlined in the Policy Objective. All policies are reviewed at least once a year to make sure they stay relevant and manage risk appropriately.
Lokalise has sound business ethics, which are maintained by hiring and retaining high-quality personnel. All employees know their responsibilities and roles in connection with information security. That way, we minimize the risk of human error such as theft, fraud, and misuse of information assets.
Lokalise uses role-based security architecture and requires users of the system to be identified and authenticated prior to the use of any system resources. All resources are managed in the asset inventory system, and each asset has its owner. Your employees can access the company services through the Internet using the SSL functionality of their web browser. The employees must supply a valid Google account to gain access to customer cloud resources.
We use encryption technologies to protect customer data both at rest and in transit.
Access to our offices is restricted and enforced by security personnel services. When confidential information is physically stored on our premises, access is only available to authorized personnel.
Our files and virtual machines are hosted with the largest managed cloud provider, Hetzner.de, trusted globally for its reliable network. Hetzner adheres to, and is regularly audited against, the DIN ISO/IEC 27001 certification standard. We also distribute content via Amazon S3.
All servers are updated in the monthly service window. That way we ensure the production servers do NOT have critical or important updates older than 30 days.
System monitoring and alerting
The Lokalise system is monitored 24/7/365 by different monitoring tools. Our uptime is 99.9% or higher. Critical alerts are immediately sent to the DevOps team and escalated to operations management and the incident response procedure. Want to see for yourself? Check our statistics for the past month at https://status.lokalise.com
We do full daily automated and encrypted backups of our databases. Customer data is backed up and monitored by operations personnel for completion and exceptions.
Production customer data is encrypted in transit. We do not store any credit card information. All our credit card processing is taken care of by Stripe listed by Visa’s registry of provi
Our software development process includes extensive code reviews during the code development phase and before code is pushed to production. We also perform regular audits and checks against known security flaws, including the OWASP Top Ten.
Lokalise has designed and implemented controls to monitor our vendors. In addition, Vendor agreements, including any security, availability, and confidentiality commitments, are reviewed by appropriate Lokalise management during the risk management process. Prior to services rendered, vendors are also required to sign the vendor agreements.
Redundancy is built into the system infrastructure to help ensure that there is no single point of failure – and this includes firewalls, routers, and servers. In the event that a primary system fails, the redundant hardware is configured to take its place. Penetration testing is conducted to measure the security posture of a target system or environment. Every nine months, we perform a simulation to test the Lokalise disaster recovery plan.
Lokalise designs its processes and procedures to meet its business objectives for its services. Those objectives are based on the service commitments that Lokalise makes to user entities, the laws and regulations that govern the provision of the services, and the financial, operational, and compliance requirements that Lokalise has established. Security commitments to user entities are documented and communicated in Service Level Agreements (SLAs) and the general Terms of Service available at https://lokalise.com/terms, as well as in the description of the service offering provided online. Security principles within the fundamental designs under GDPR are designed to permit system users to access the information they need based on their role in the system while restricting them from accessing information not needed for their role.
Incident response policies and procedures are in place to guide our team in reporting and responding to information system incidents. Lokalise monitors the capacity utilization of virtual to ensure that service delivery matches service level agreemen
Do you have a security concern you'd like to discuss with us or any vulnerability regarding Lokalise services you'd like to report? Don't hesitate to contact us at email@example.com