Security

At Lilu, data protection and privacy are built into every layer of our technology.


We comply with leading international privacy and data security frameworks — including the EU GDPR, Indonesia Personal Data Protection Law (No. 27/2022), and Vietnam Personal Data Protection Law (PDPL 2025) — ensuring that our customers and their users stay fully protected everywhere we operate.

Regulatory Compliance
Lilu operates in full accordance with applicable privacy and data protection laws in the regions where we serve clients. We implement transparent, auditable controls for data handling and access.

Data residency options
— EU-based, Vietnam-based, Indonesia-based, or other SEA locations where required.

Access control and role-based models
for managing permissions and limiting visibility of sensitive data.

Comprehensive audit logs
record every change: who, what, and when.

No payment-related risks
— payments are processed exclusively via certified third-party providers (PCI DSS compliant).

Fully compliant
with GDPR (EU), PDP Law (Indonesia), and PDPL (Vietnam).

Data Protection & Encryption
Your data is secured both in transit and at rest.

In transit:
Encrypted using TLS 1.2+ across all external and internal interfaces.

At rest:
Encrypted disks and databases with unique encryption keys per client.

Key management:
Integration with KMS/HSM systems where applicable.

Access separation:
Strict segmentation between environments, ensuring isolation of customer data.

Integrations & Communication Channels
Lilu integrates securely with your systems and channels while maintaining full control over data access.

Third-party systems:
Connected only through secure, verified endpoints and controlled access keys.

CRM / ERP:
API connections with token-based authentication and scoped access to data.

Messaging channels:
All inbound and outbound requests are logged; personal data in logs is masked or anonymized according to client policy.

Service Continuity & Reliability
Our infrastructure is designed for resilience, redundancy, and high availability.

Backups:
Encrypted using TLS 1.2+ across all external and internal interfaces.

Availability:
Target SLA of 99% uptime for cloud deployments.

Disaster recovery:
Redundant nodes and failover scenarios tested regularly.

Access separation:
24/7 system health and performance tracking.

Deployment Options
We offer flexible deployment models to fit your compliance, data control, and security needs.

Cloud
Best choice for most customers.
  • Fast setup and full service management.
  • SLA 99%, regional data storage, encrypted backups, and cloud-native KMS.

On-Premise
  • Full control over data, audit logs, and integrations.
  • Supports connection with your internal IdP/SSO, SIEM, and KMS/HSM systems.
  • Can operate in isolated or closed environments.