
Security at Litmus: How We Keep Your Data + Assets Safe


When you sign up for a new product or service, do you ever wonder where your data goes and if it’s stored securely? It’s only natural to expect your information to be safe from hackers and other malicious actors.

Here at Litmus, we maintain the highest levels of confidentiality, privacy, and security for our customers’ data. We dedicate time, money, and resources to safeguard Litmus and our customers from data loss and theft. Here’s how.

Behind the scenes: Security at Litmus

At Litmus, our approach to Information Security ensures that our organization aligns information security policy with business objectives at all times. Through our robust Information Security Program, we secure the entirety of our business—our people, our processes, and our technology—to provide the security, control, and transparency expected by our partners and customers.

Our Information Security Program includes:

  • Administrative security controls, including security policies, asset management, security audits, disaster recovery, security awareness training, security response, and vulnerability management
  • Technical security controls, including application security, access controls, endpoint protection, network security, password management and multi-factor authentication, and security logging and monitoring
  • Physical security controls, including physical and environmental security for facilities, badge readers, and equipment protection



But our commitment to security goes even further. We also give you the tools you need to help you better protect your account and your data, and fulfill even your most unique security requirements.


Available exclusively to Litmus Enterprise customers, Enterprise Security provides an additional level of security on your account. Utilize Enterprise Security features, like two-step verification, custom session lengths, and customizable password settings, for full control over your Litmus account and to further protect your business.

Here’s an overview of our Enterprise Security Features.


With Litmus’ single sign-on with SAML integration, you can make the login process easier for your users while at the same time ensuring that your account is protected and only accessible by approved team members.

SAML is an industry standard that powers single sign-on functionality between two systems: a service provider (in our case that’s Litmus) and an identity provider (that’s the system managing user access across your organization). Litmus’ single sign-on integration supports Okta, OneLogin, and custom identity providers.

Single sign-on with SAML allows your team to:

  • Easily authenticate and manage user access: Single sign-on makes it easier for administrators to maintain full control over who has access to Litmus, and to easily add and remove user access if your team changes.
  • Comply with internal security standards: Do your internal security policies require all tools to be accessible via single sign-on? Enable single sign-on for your Litmus account to ensure compliance with internal protocols—and to keep your data safe.
  • Streamline the login process for your users: Users can now securely access Litmus with a single click—and without the need to remember separate login credentials.


Choosing secure passwords is the first step towards protecting your Litmus account from unauthorized access. With Custom Password Settings, you can ensure that every Litmus user utilizes passwords that meet your internal security requirements. For example:

  • Set a baseline of complexity for passwords by requiring any number of digits, symbols, uppercase, and lowercase characters
  • Blacklist common phrases (such as “password”, “1234”, or your brand’s name) from being included in a password
  • Set password expiry times to ensure your team’s passwords change on a regular basis. You can also configure how many password changes are required before a password can be reused, or prevent reusing passwords altogether


Two-step verification adds an additional layer of security to your Litmus account by requiring two forms of authentication—a password and SMS verification—during sign in. With two-step verification enabled, each user is required to add a phone number to their Litmus account. We’ll use this phone number to send you a verification code when you log in to Litmus. This extra layer of security ensures that you’re the only person who can access your account, even if someone knows your password.


On Litmus Enterprise accounts, Account Holders can require that all users on their Litmus account utilize two-step verification.


Session timeouts automatically log a user out of their Litmus account after they’ve been inactive for a certain time. This helps avoid unauthorized access whenever a user might use Litmus from a computer that isn’t their own and forgets to log out, or if a computer gets stolen or lost.

Custom session lengths in Litmus set the amount of time a user’s account is allowed to be idle before being logged out—and you can customize them by the minute to make them fit your team’s needs.


Further protect your Litmus account with Enterprise-grade security

Your Litmus account is a hub for collaboration across the entire email creative process—and protecting that process is a top priority for you and for Litmus. Enterprise Security controls, available exclusively to Litmus Enterprise customers, help you protect your account and ensure that your assets and data—and your business—are fully protected, and we will continue to maintain the highest levels of privacy and security of your data.
