Security Controls

Customer Data Protection

  • AES 256 bit encryption for data at Rest and HTTPS with TLS 1.2 encryption for data in transit.

  • High availability deployment with regular backups stored with redundancy.
  • Application layer is configured to auto scale to handle excess traffic due to an attack or even due to a surge in legit traffic.

  • Application supports SAML and ADFS based Single Sign On.
  • Configurable Role Based Access Control (RBAC) with granular control on user permissions.
  • Customizable password complexity requirements.
  • Access to corporate networks is limited through Zero Trust Network Access (ZTNA)/VPN.
  • End to end audit trails of user activities

  • Next Generation Antivirus protection for devices and servers.
  • Multi layer defense including Web Application Firewall (WAF), Intrusion Detection System (IDS), Denial of Service (DoS) protection, etc.

  • Robust business continuity and disaster recovery plans in place to ensure continued operation in the face of abnormal business conditions/disasters.

  • Insured against cyber liabilities which covers security and privacy breaches, forensic expenses, social engineering attacks, ransomware attacks, etc.
Customer Data Protection

Secure Development Lifecycle

  • Security and privacy requirements analysis during the design phase and ensuring that the requirements are satisfied at each stage of the life cycle.

  • Train developers on secure coding and code review techniques including OWASP top 10 vulnerabilities and their prevention.
  • Automated code scanning is performed for identifying security issues.

  • Change management is integrated into the SDLC processes, with various internal and external stakeholders. Customers will be informed well in advance of any major breaking changes.

  • Access to production systems are restricted based on job roles and limited time access is given only on a need to know basis which expires after the requested time. Access is periodically reviewed.

  • Periodic security testing of applications as per OWASP standards.
  • Regular internal and external vulnerability assessment and penetration testing (VAPT).
  • Currently we do not have a public bug bounty program, but we highly appreciate the efforts of security researchers. Refer to our Responsible Vulnerability Disclosure Policy for more information.
Secure Development Lifecycle

Privacy by Design and by Default

  • ISO 27701:2019 Certified and have a well established, implemented, monitored and audited Privacy Information Management System.
  • Tracking collection, storage, processing, access, transfer, retention and removal of Personal Information.

  • Configurable retention periods towards personal information.
  • Dedicated process and a channel established for deletion of personal data upon request.

  • Identified, assessed and empanelled sub-processors ensuring appropriate fitments. You can read more about our process and List of Sub Processors here.

  • Certain privacy laws provide individuals with the right to request access to and/or deletion of personal information an organization has about them. To submit a data subject rights request in relation to personal information processed by Locus, please raise a request via mail to
Privacy by Design and by Default


To ensure the effectiveness of our controls and to help our customers meet their compliance requirements, we certify against industry-standard Information Security and Privacy certification

IS 706275
IS 706275
ISO 27001:2013

Locus is ISO 27001:2013 certified and have an effective Information Security Management System in place. The certificate is available on request.

PM 767891
PM 767891
ISO 27701:2019

Locus is ISO 27701:2019 certified, helping us to demonstrate our capability to protect customer’s Personal Information.

How we help customers to meet their compliance requirement


Compliance with ISO 27701:2019 has provided a strong foundation for GDPR compliance. We ensure that the personal information collected from our customers in the EU does not leave the region, without the customer’s consent. Reach out to or in case of any queries regarding GDPR or Privacy.

For more information on Locus’s GDPR compliance, you can request for our DPA at DPA can be signed on request.


Make every delivery experience a part of your growth


Schedule a meeting with Locus

How can Locus help manage your logistics?

  • Locus’ proprietary geocoding engine converts the fuzziest of the addresses into precise geographical coordinates thereby helping your on-ground executives locate addresses easily.
  • Digitize all your operational variables such as fleets, delivery persons etc. to come up with the best route plan every day.
  • Track your orders in real-time with the Locus Live Dashboard. Locus’ all-mile delivery app Locus On The Road (LOTR) helps delivery partners process orders.
  • Visualize and tweak your scheduled plans via three key metrics— geography, time, & vehicle (fleet)—with a birds-eye view of your entire operations.
  • Build your own reports and analyze important parameters that you need to make key decisions.

Join Industry Leaders:

68m+ miles

Reduction in distance traveled

12m+ kgs

Reduction in GHG emissions


Savings in logistics costs
brand logos