Security at Litmus: How We Keep Your Data + Assets Safe

[ 0 By

When you sign up for a new product or service, do you ever wonder where your data goes and if it’s stored securely? It’s only natural to expect your information to be safe from hackers and other malicious actors.

Here at Litmus, we maintain the highest levels of confidentiality, privacy, and security for our customers’ data. We dedicate time, money, and resources to safeguard Litmus and our customers from data loss and theft. That is why we’re excited to introduce the brand-new Enterprise Security features in the Litmus Creative Platform that will help you better protect your account and your data, and fulfill even your most unique security requirements.

But before we get to those exciting updates, let’s take a quick look at our overall Information Security Program.

Behind the scenes: Security at Litmus

At Litmus, our approach to Information Security ensures that our organization aligns information security policy with business objectives at all times. Through our robust Information Security Program, we secure the entirety of our business—our people, our processes, and our technology—to provide the security, control, and transparency expected by our partners and customers.

Our Information Security Program includes:

  • Administrative security controls, including security policies, asset management, security audits, disaster recovery, security awareness training, security response, and vulnerability management
  • Technical security controls, including application security, access controls, endpoint protection, network security, password management and multi-factor authentication, and security logging and monitoring
  • Physical security controls, including physical and environmental security for facilities, badge readers, and equipment protection

Periodically, we receive questions from prospects and customers regarding security at Litmus. Check out a few of the most frequently-asked security questions (and their answers).


Available exclusively to Litmus Enterprise customers, Enterprise Security provides an additional level of security on your account. Utilize Enterprise Security features, like two-step verification, custom session lengths, and customizable password settings, for full control over your Litmus account and to further protect your business.


Choosing secure passwords is the first step towards protecting your Litmus account from unauthorized access. With Custom Password Settings, you can ensure that every Litmus user utilizes passwords that meet your internal security requirements. For example:

  • Set a baseline of complexity for passwords by requiring any number of digits, symbols, uppercase, and lowercase characters
  • Blacklist common phrases (such as “password”, “1234”, or your brand’s name) from being included in a password
  • Set password expiry times to ensure your team’s passwords change on a regular basis. You can also configure how many password changes are required before a password can be reused, or prevent reusing passwords altogether
Custom Password Settings


Two-step verification adds an additional layer of security to your Litmus account by requiring two forms of authentication—a password and SMS verification—during sign in. With two-step verification enabled, each user is required to add a phone number to their Litmus account. We’ll use this phone number to send you a verification code when you log in to Litmus. This extra layer of security ensures that you’re the only person who can access your account, even if someone knows your password.

two-step verification

On Litmus Enterprise accounts, Account Holders can require that all users on their Litmus account utilizes two-step verification.


Session timeouts automatically log a user out of their Litmus account after they’ve been inactive for a certain time. This helps avoid unauthorized access whenever a user might use Litmus from a computer that isn’t their own and forgets to logout, or if a computer gets stolen or lost.

Custom session lengths in Litmus set the amount of time a user’s account is allowed to be idle before being logged out—and you can customize them by the minute to make them fit your team’s needs.

Session Expiration

Further protect your Litmus account with Enterprise-grade security

Your Litmus account is a hub for collaboration across the entire email creative process—and protecting that process is a top priority for you and for Litmus. Available exclusively to Litmus Enterprise customers, protect your account with Enterprise Security controls to ensure that your assets and data—and your business—are fully protected, and we will continue to maintain the highest levels of privacy and security of your data.

Learn more about Litmus Enterprise →