// Trust & Security Report

    Lokalise Inc. logo

    Lokalise Inc.

    AI-powered translation management system (TMS) and localization platform with 60+ integrations, custom AI profiles, automated workflows, and enterprise-grade security. Serves 1M+ users across 3,000+ companies including Fortune 500 enterprises.

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Lokalise's security controls and practices are continuously validated through an annual SOC 2 Type II assessment. This confirms compliance with AICPA Trust Services Criteria for security, availability, and confidentiality.

    Verify on lokalise.com
    ISO 27001
    HELD

    Lokalise has been certified according to the ISO/IEC 27001 standard since November 2020. This assures that security practices, data safeguards, and risk management processes meet the highest standards and comply with industry best practices.

    Verify on lokalise.com
    ISO 27017
    HELD

    Lokalise holds ISO/IEC 27017 certification, the cloud-specific extension to ISO 27001, addressing the shared responsibility model and cloud service provider practices.

    Verify on lokalise.com
    GDPR
    HELD

    Lokalise maintains a privacy and data protection programme supporting compliance with the GDPR. The organization appointed a Data Protection Officer and users can submit data subject requests to privacy@lokalise.com.

    Verify on lokalise.com
    EU-U.S. Data Privacy Framework
    HELD

    Lokalise complies with and is committed to the EU-U.S. Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework.

    Verify on lokalise.com
    > Show 3 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    While no cloud platform can obtain formal HIPAA certification, Lokalise aligns its security and risk management program with HIPAA requirements through its SOC 2 Type II certification for qualifying Covered Entities and Business Associates.

    source: lokalise.com
    PCI DSS
    NOT CONFIRMED

    Lokalise is not PCI DSS certified. The company processes payments through Stripe, a PCI DSS-certified payment processor, and does not store payment information internally.

    source: lokalise.com
    FedRAMP
    NOT CONFIRMED

    No public evidence found on vendor domain.

    source: lokalise.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    AWS EU regions (Germany); data may be transferred to US where Lokalise engages service providers, protected by Standard Contractual Clauses for GDPR compliance

    Lokalise explicitly commits: 'We do not use Customer Data or Personal Data submitted through these features to train general-purpose AI models, except as expressly disclosed otherwise and authorised by the Customer or user.' This represents a clear opt-out policy for general model training without explicit consent.

    // Security controls

    Encryption in transit and at rest

    Implemented across all data processing

    lokalise.com

    Single Sign-On (SAML 2.0)

    Supports Google, Microsoft Azure AD, Okta, OneLogin, Keycloak, PingFederate, PingIdentity

    lokalise.com

    Role-Based Access Control (RBAC)

    Implemented for enterprise access management

    lokalise.com

    Two-Factor Authentication (2FA)

    Available for enhanced account security

    lokalise.com

    Application audit logs

    12-month retention for security and compliance auditing

    lokalise.com

    API access controls

    Token-based authentication for API access

    lokalise.com

    Data Infrastructure

    AWS ISO 27001-certified data centers in EU regions (Germany); all customer data processed and stored exclusively in EU

    lokalise.com

    // Products & data scope

    Lokalise Core PlatformTranslation Management System (TMS)

    data: Customer translation content, linguistic assets, project metadata, user access logs

    Main SaaS platform serving 1M+ users across 3,000+ companies. Includes AI translation, custom AI profiles, automated QA, and workflow orchestration.

    Lokalise API & SDKsDeveloper Integration

    data: API keys, integration data, webhook events, customer content routed through integrations

    95 API endpoints, 10 pre-built SDKs, 33 webhooks, 60+ integrations (Figma, GitHub, Jira, Contentful, Figma, Webflow, WordPress, etc.)

    Lokalise AI TranslationAI Features

    data: Source content for translation, custom AI profiles, translation memory context

    AI translation with on-brand terminology, context preservation, automated QA. Does NOT train general-purpose models on customer data without consent.

    Lokalise MCP ServerAI Integration

    data: Project files, translation content when accessed via MCP

    Claude Code integration via Model Context Protocol for programmatic localization workflows.

    // At a glance

    Pricing model

    Subscription-based SaaS with usage-based tiers (Team, Business, Enterprise plans); pay-per-word translation options

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Lokalise Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    lokalise.com

    > Browse all vendor trust reports