Localytics Security Overview

Last Updated: April 29, 2026

Localytics is committed to protecting the security, confidentiality, and availability of Customer Data. This Security Overview describes the administrative, technical, and physical safeguards we use to protect the Localytics platform and the data entrusted to us.

1. Overview

Localytics is a cloud-based platform that enables organizations to understand user behavior, deliver targeted messaging, and optimize customer experiences across mobile and digital channels.

We are committed to protecting the security, confidentiality, and availability of Customer Data.

Localytics maintains a security program aligned with industry standards, including administrative, technical, and physical safeguards designed to protect Customer Data.

Additional details regarding our security practices are described in this Security Overview and may be updated from time to time.

2. Infrastructure and Hosting

Localytics is hosted on Amazon Web Services (AWS). Key infrastructure components include:

  • AWS (EC2, EKS, S3, Amplify)
  • AWS Aurora (Postgres, MySQL)
  • DynamoDB, Elasticache
  • Snowflake

AWS provides physical and environmental security for production infrastructure. AWS operates as a subprocessor for infrastructure services.

3. Data Security

Encryption: Data is encrypted in transit and data is encrypted at rest.

Data Handling: Localytics maintains classification policies for:

  • Personal data
  • Operational data
  • Confidential data

3.1 Data Processing and Privacy

To the extent Localytics processes personal data on behalf of Customer:

  • The parties agree to the Data Processing Addendum (DPA), which is incorporated by reference
  • Customer acts as controller, Localytics as processor, where applicable
  • Data processing and transfers comply with applicable data protection laws

4. Access Controls

Localytics enforces role-based access control (RBAC).

Key Practices:

  • Least-privilege access
  • SSO authentication
  • VPN access
  • Access reviews
  • Immediate deprovisioning

Access to systems is restricted to authorized personnel and limited to the scope necessary for their role.

5. Application and System Security

Localytics employs multiple layers of security:

Monitoring and Detection

  • CloudWatch
  • GuardDuty
  • PagerDuty

Vulnerability Management

  • Continuous scanning
  • Penetration testing
  • Patch SLAs

Intrusion Protection

  • Intrusion detection systems
  • AWS network protections

Security controls are designed to protect Customer Data and are continuously monitored and improved.

6. Secure Development and Change Management

Localytics maintains formal processes for:

  • Code versioning
  • Change management
  • Testing environments
  • Deployment approvals

These practices are designed to ensure the integrity, reliability, and security of the Services.

7. Incident Response

Localytics maintains an Incident Response Plan, including:

  • Detection and escalation
  • Response procedures
  • Communication workflows
  • Remediation

Localytics will notify Customer of confirmed security incidents in accordance with applicable law and contractual obligations.

8. Backup and Disaster Recovery

  • Regular backups
  • Encrypted storage
  • Controlled access
  • Recovery testing

AWS provides redundancy and failover support.

9. Organizational Security

Localytics maintains a structured control environment:

  • Executive oversight
  • Security Committee
  • Risk reviews
  • Employee training
  • Confidentiality obligations

Localytics applies reasonable safeguards to protect confidential information and Customer Data.

10. Vendor and Subprocessor Management

Localytics maintains a Third-Party Risk Management Program, including:

  • Vendor due diligence
  • Security evaluation
  • Ongoing monitoring
  • Contractual protections

The Services may rely on third-party providers, and such providers are subject to their own terms and controls.

11. Customer Responsibilities

Security is a shared responsibility. Customers are responsible for:

  • Managing access to accounts
  • Configuring data and integrations
  • Ensuring compliance with applicable laws
  • Securing their own systems

Customer is responsible for its use of the Services, including the configuration and operation of messaging, data, and integrations. Localytics provides tools and guidance but does not independently verify Customer implementation or usage.

12. Compliance and Risk Management

Localytics maintains a risk management program that includes:

  • Annual risk assessments
  • Ongoing monitoring
  • Security reviews

Controls are designed to support the confidentiality, integrity, and availability of Customer Data.

13. Monitoring and Continuous Improvement

Localytics continuously monitors systems through:

  • Real-time monitoring
  • Internal reviews
  • Control evaluations

Security practices are updated as needed.

14. Availability and Service Expectations

Unless otherwise specified in an Order Form or Service Level Agreement:

  • Services are provided without a guaranteed uptime commitment
  • Maintenance activities may impact availability

15. Contact

For security inquiries, email: support@localytics.com