Data Security

How we protect your translation data

  1. Your data is private to your Lilt account. It is never shared with other accounts and/or users.
  2. Lilt does not use or allow the use of your translation data for its or any third party's own purposes, including marketing purposes, without your consent.
  3. Your translation data is SSL-encrypted in transit between your computer and our servers, and is encrypted with AES-256 in our database.

To generate translation suggestions, Lilt first queries data from public domain "background" data sets such as United Nations and European Parliament data. It then merges your translation memories.

In the diagram below, suppose that User A and User B have both uploaded documents and translation memories. When User B translates, data from User A is sequestered and is never shown to User B.

Lilt uses Google Cloud Platform (GCP) for computing infrastructure. Lilt provides its services in compliance with GCP's Terms of Use, including, but not limited to, the security provisions and the data storage, transfer, and processing provisions set forth in those Terms.

European Union users: Data is currently stored in the United States. Lilt has accepted GCP's Data Processing and Security Terms and EU Model Contract Clauses.

  • Client Data — source text documents, target translation, and associated metadata.
  • Personal Data — name, email address, IP address, browser type, operating system, etc.
  • Payment Data — credit card number, billing address, security code, etc.

Unencrypted (HTTP) connections to all URLs at the lilt.com domain are blocked. SSL/TLS (HTTPS) connections are required for all client sessions. All data is transmitted to/from lilt.com via HTTPS.

There are two user authentication methods:

  • Google OAuth2 – authentication is managed by Google
  • Local password – passwords are salted and hashed with bcrypt.

We run edge web servers in the US, Belgium, and Taiwan. A cross-region load balancer routes client traffic to the nearest edge server. Traffic is then routed via Google’s internal private network to our server and database instances, which currently run in Google’s Iowa data center.

“Google operates its own private global network that spans all of our data centers and our 70+ points of presence, rather than using the public internet for transmission between data centers. Data traveling between a customer’s device and Google is encrypted by default using HTTPS/TLS (Transport Layer Security).”

GCP-internal network traffic is encrypted in transit.

Raw Client Data files are stored in Google Cloud Storage, which applies AES-256 encryption by default:

“Cloud Storage encrypts user data at rest using AES-256, and each encryption key is itself encrypted with a regularly rotated set of master keys. There is no setup or configuration required, no need to modify the way you access the service, and no visible performance impact. Data is automatically and transparently decrypted when read by an authorized user.”

Extracted Client Data is stored in a Google Cloud SQL database instance. All tables and rows are encrypted with AES-128:

“[Cloud SQL] data is encrypted using the 128-bit Advanced Encryption Standard (AES-128), or better, with symmetric keys: that is, the same key is used to encrypt the data when it is stored, and to decrypt it when it is used. These data keys are themselves encrypted using a master key, stored in a secure keystore, and changed regularly.”

Automatic backups are created daily by and inside GCP.

Client Data is never shared between accounts without user action. A user can share a source document with another user, but this requires explicit entry of an email address and a click.

We store the following Personal Data in Cloud SQL:

  • Email address
  • Full name (first name, last name)

Personal Data is collected by and shared with the following third parties:

  • Google Analytics
  • Intercom
  • Mailchimp (via an integration with Intercom)
  • Slack (via an integration with Intercom)

We do not store Payment Data. It is transmitted via HTTPS to Stripe, our payment provider.

Google Cloud Platform maintains certification with robust security standards, including:

  • SSAE16 / ISAE 3402 Type II:
      • SOC 2
      • SOC 3 public audit report
  • ISO 27001, one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving Google Cloud Platform. Our ISO 27001 Certificate is here.
  • FISMA Moderate accreditation for Google App Engine
  • PCI DSS v3.0