Security

How we keep your data safe.

Infrastructure

• Hosted entirely on AWS (us-east-1) using managed, SOC 2 compliant services
• All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
• Serverless architecture (Lambda, DynamoDB). No long-running servers to patch
• CloudFront CDN with HTTPS-only access

Authentication

• User authentication via AWS Cognito (email + Google OAuth)
• API key authentication for CLI and programmatic access
• API keys are hashed before storage. Plaintext is shown only once at creation

Data Handling

• Your content is processed by Amazon Bedrock for translation and is not used to train AI models
• DynamoDB stores all data with per-table encryption
• Stripe handles all payment data. We never see or store card numbers
• Webhook payloads are verified using Stripe signature validation

Access Control

• Project-level authorization. Users can only access projects they're invited to
• Admin/member role separation for team management
• Gamma environment restricted to admin group only

Reporting Vulnerabilities

If you discover a security issue, please email security@localingos.com. We take all reports seriously and will respond within 48 hours.