Lusha takes data security seriously. This article summarizes the key security features available in your Lusha account and how Lusha protects the data you store and access through the platform.
Account security
Password protection
Your Lusha account is protected by a password you set at signup. Lusha enforces minimum password strength requirements. You can update your password at any time via Settings → My Profile → Send me Instructions.
Single Sign-On (SSO)
Scale plan customers can configure SSO using SAML 2.0, allowing team members to log in through your company's identity provider (e.g., Okta, Azure AD, Google Workspace). This gives your IT team centralized control over access.
To set up SSO: go to Settings → Account Settings → Single Sign-On. (Scale plan only.)
Review SSO information in our SSO article, or SAML article.
Session management
Lusha automatically ends inactive sessions after a period of inactivity. You can manually sign out of all active sessions from Settings → My Profile → Sign Out of All Sessions.
Data security
Encryption in transit
All data transmitted between your browser and Lusha's servers is encrypted using TLS (Transport Layer Security).
Encryption at rest
Data stored in Lusha's systems is encrypted at rest.
Access controls
Lusha uses role-based access controls (RBAC) to ensure team members only see the data and settings relevant to their role (Admin, Manager, or User).
Compliance
Lusha is committed to compliance with applicable data protection regulations, including GDPR. For details on how Lusha sources, stores, and processes contact data, see the GDPR Compliance and Data Sources & Accuracy articles.
💡 Note: Lusha holds a SOC 2 Type II certification. For security reports or compliance documentation (e.g., for vendor review), contact your Lusha Account Manager or reach out to Lusha Support.
Reporting a security concern
If you believe you've discovered a security vulnerability in Lusha's platform, contact Lusha's security team directly at [email protected].