Security at Locize

• Information Security Policy applies across the inweso organization and is mandatory for employees and contributors.
• Our Information Security Management System is built on three pillars: people, processes, and technology.
• We follow a Zero Trust Architecture mindset: “never trust, always verify”, with strict identity verification and continuous authentication.

• Ongoing security awareness training for employees and role-specific training where needed.
• Access control based on least privilege, with regular reviews and timely revocation/updates.
• Strong authentication mechanisms (including MFA) for internal systems where applicable.
• An incident response process to address, investigate, and remediate security incidents.

We do not maintain our own server infrastructure. Locize uses Amazon Web Services (AWS) data centers for computing infrastructure. AWS data centers are equipped with comprehensive physical security measures.

Learn more: AWS security

We maintain vendor risk management practices and review third parties used to deliver the service. A list of sub-processors and related privacy details is available in our Privacy policy.

Our team keeps the application and its dependencies up to date. We use monitoring and operational practices to detect and respond to suspicious activity.

When you subscribe to a Locize account, we do not store your billing information on our infrastructure. Payments are processed by our partner Stripe, which is compliant with PCI Security Standards.

More details: Stripe security

Access to customer data is limited to authorized employees who require it for their job (for example support). Support representatives should access only the files or settings needed to resolve customer issues.

We maintain and regularly review a Disaster Recovery Plan and a Business Continuity Plan. These plans are designed to minimize downtime and support the timely restoration of critical business functions.