// Trust & Security Report
LILT, Inc.
Enterprise AI translation and localization platform. Sub-products: Translate (AI-assisted translation), Verify (quality verification), Connect (100+ integrations via MCP and API), Create (multilingual content generation), Evaluate (AI model benchmarking and audit). Serves enterprises, public sector (including U.S. DoD), and AI/ML builders.
Certifications held
8
Maturity
Enterprise
Trains on your data
Yes
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.lilt.com“LILT SOC 2 Type 2 + HIPAA Report (trust center document title); home page: 'SOC 2® Type II, ISO 9001, and ISO 17100 certified'; responsible-deployment page: 'SOC 2 Type II certification'. Annual audit conducted by A-LIGN (licensed CPA firm); report available to customers under NDA.”
Verify on labs.lilt.com“Announcement: 'LILT Successfully Completes SOC 2 & SOC 3 Audit' (January 17, 2024, auditor: A-LIGN). SOC 3 is the public summary of the SOC 2 examination.”
Verify on trust.lilt.com“Trust center lists document 'LILT SOC 2 Type 2 + HIPAA Report'. Security page lists 'HIPAA - Compliant'. Responsible-deployment page: 'HIPAA-aligned workflows'.”
Verify on lilt.com“Home page: 'SOC 2® Type II, ISO 9001, and ISO 17100 certified.' Security-compliance page: 'certified by ATC Certification'. Trust center document: 'ATCC ISO 9001'.”
Verify on trust.lilt.com“Home page explicitly lists ISO 17100. Trust center document 'ATCC ISO 17100' listed. Certified by ATC Certification. Note: this is a translation quality standard, not an information security certification.”
Verify on trust.lilt.com“Trust center document 'ATCC ISO 18587'. Note: this is a translation quality standard covering machine translation post-editing processes, not an information security certification.”
Verify on lilt.com“Trust center lists 'Cyber Essentials' with request-access document. Security-compliance page states it demonstrates 'user controls and train LILT employees to protect against common user-based cyber attacks'.”
Verify on lilt.com“DPA publicly available at lilt.com/legal/dpa. DPA implements EU Standard Contractual Clauses (Module Two) for controller-processor relationships. Irish Data Protection Commission designated as supervisory authority. Security-compliance page: 'GDPR - Compliant'.”
> Show 5 unconfirmed / not-held certifications
source: lilt.comLILT does not hold ISO 27001. The lilt.com/security-compliance page explicitly lists ISO 27001 under 'GCP Security Standards (LILT's Infrastructure Provider)' -- this is Google Cloud Platform's cert, not LILT's own. No vendor-domain source shows LILT holding its own ISO 27001 certificate.
source: lilt.comNo public evidence of FedRAMP authorization found on any LILT-domain page, despite the home page citing the U.S. Department of Defense as a customer. LILT offers on-premise and air-gapped deployments for government clients but no FedRAMP marketplace listing was found.
source: lilt.comListed as 'Certified' on lilt.com/products/security, but this certification does not appear in the trust center certifications list (which shows SOC 2 Type II + HIPAA, ISO 9001, ISO 17100, ISO 18587, Cyber Essentials). No certifying body or audit date is cited. Likely describes workflow support for FDA-regulated clients rather than a formal certification. Graded held=false until a trust center document or accreditation source is provided.
source: lilt.comPCI DSS v3.0 is listed under 'GCP Security Standards (LILT's Infrastructure Provider)' on lilt.com/security-compliance. LILT does not itself hold a PCI DSS certification.
source: lilt.comNo public evidence found on any LILT-domain page.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Offered
Data region
United States (Google Cloud Platform); EU and UK data transferred via Standard Contractual Clauses (Module Two) with UK Addendum
LILT's core differentiator is that its contextual AI continuously retrains on customer translation data (uploaded TM/TMX files and human-verified translations) to build customer-specific model adapters (140M parameter adapters plugged into a 1.2B parameter shared background model). MSA Section 6.7 grants LILT a 'royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicensable right and license to use, disclose, reproduce, modify, create derivative works from, distribute, and display any Customer Materials integrated into the Machine Learning.' No opt-out mechanism exists in the MSA or DPA. The DPA separately states that processing is limited to 'performance of the Services pursuant to the Agreement,' which is potentially contradictory with the MSA's broad ML training grant and requires legal review. Customer data is used for customer-specific adapters and is not stored in the shared background model weights, per support documentation.
// Security controls
Deployment options
Public cloud (GCP), private cloud, on-premise, and air-gapped environments
lilt.comVulnerability disclosure
security@lilt.com and vulnerability report link in trust center
trust.lilt.com// Products & data scope
data: Source and translated text, translation memories (TMX), customer content submitted for translation
Core product. Contextual AI retrains on customer translation data continuously. Customer-specific model adapters are built from this data. Used by enterprises, DoD, and regulated industries.
data: Translated content submitted for review and verification by human linguists
Expert human verification layer for high-consequence multilingual content.
data: Content flowing through 100+ connectors; depends on integrated business systems
Connects to enterprise systems via MCP and API. Data scope extends to whatever systems are integrated.
data: Brand assets, campaigns, and content in source language used to generate multilingual output
Supports brand-consistent multilingual creation at scale.
data: AI model outputs and benchmark datasets
Closed-benchmark evaluation and oracle judgements for AI/ML developers. Also marketed to the broader AI/ML builder segment.
// What to watch
- AI TRAINING - NO OPT-OUT: MSA Section 6.7 grants LILT a 'royalty-free, worldwide, perpetual, irrevocable, fully transferable and sublicensable' license to use customer content for machine learning. No opt-out is available in the MSA or DPA. Enterprise customers submitting sensitive, confidential, or regulated content should negotiate bespoke data isolation or deletion rights before signing.
- ISO 27001 HOST-VS-VENDOR RISK: ISO 27001 is held by LILT's infrastructure provider (Google Cloud Platform), not by LILT itself. lilt.com/security-compliance distinguishes these under 'GCP Security Standards (LILT's Infrastructure Provider).' Some marketing copy may imply LILT holds ISO 27001, which is a host-cert conflation. AIFOXX should not list LILT as ISO 27001 certified.
- FDA CFR PART 11 OVER-CLAIM: lilt.com/products/security lists FDA CFR Part 11 as 'Certified' but this certification is absent from the trust center certifications list. No certifying body or audit date is provided. This is likely marketing framing for FDA-regulated workflow support rather than a formal accreditation. Graded held=false.
- DPA vs MSA TRAINING RIGHTS CONFLICT: The DPA limits processing to 'performance of the Services pursuant to the Agreement' suggesting no independent training rights, while MSA Section 6.7 grants broad perpetual ML training rights. These provisions appear contradictory and could create ambiguity about the legal basis for AI training. Legal review recommended for enterprise buyers.
// At a glance
Pricing model
Enterprise subscription; contact sales for pricing. No self-serve pricing page. Custom contracts for public sector.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on LILT, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.lilt.com