0 added
0 removed
Original
2026-01-01
Modified
2026-03-10
1
<p>At Klaviyo, we are committed to being trustworthy stewards of customer data as we power smarter digital relationships and empower creators to own their destiny.</p>
1
<p>At Klaviyo, we are committed to being trustworthy stewards of customer data as we power smarter digital relationships and empower creators to own their destiny.</p>
2
<h2>Trusted by 183,000+ companies</h2>
2
<h2>Trusted by 183,000+ companies</h2>
3
<p>Security and privacy are foundational to how we continuously innovate and improve our platform, tailoring it to meet the evolving needs of our customers.</p>
3
<p>Security and privacy are foundational to how we continuously innovate and improve our platform, tailoring it to meet the evolving needs of our customers.</p>
4
<h3>External audits</h3>
4
<h3>External audits</h3>
5
<p>Klaviyo undergoes annual third-party audits to ensure our internal controls are designed and operating effectively in accordance with industry standards, such as SOC 2 and ISO 27001. Our third-party audit reports can be downloaded directly from our self-service<a>Trust Center</a>.</p>
5
<p>Klaviyo undergoes annual third-party audits to ensure our internal controls are designed and operating effectively in accordance with industry standards, such as SOC 2 and ISO 27001. Our third-party audit reports can be downloaded directly from our self-service<a>Trust Center</a>.</p>
6
<h3>Data governance</h3>
6
<h3>Data governance</h3>
7
<p>As a data processor, Klaviyo offers tools and functionality that enable our customers to meet their key data privacy compliance requirements for GDPR, CCPA, and beyond. These tools encompass profile<a>consent management</a>and rights request tooling to satisfy both<a>access and deletion requests</a>.</p>
7
<p>As a data processor, Klaviyo offers tools and functionality that enable our customers to meet their key data privacy compliance requirements for GDPR, CCPA, and beyond. These tools encompass profile<a>consent management</a>and rights request tooling to satisfy both<a>access and deletion requests</a>.</p>
8
<p>Additionally, as a controller of Klaviyo account user data, we also enable our data subjects to<a>submit privacy rights requests</a>and make privacy inquiries. For more information about our data privacy practices and commitments, including our Privacy Notice, Data Processing Agreement, and other policies, please visit our<a>Legal Hub</a>.</p>
8
<p>Additionally, as a controller of Klaviyo account user data, we also enable our data subjects to<a>submit privacy rights requests</a>and make privacy inquiries. For more information about our data privacy practices and commitments, including our Privacy Notice, Data Processing Agreement, and other policies, please visit our<a>Legal Hub</a>.</p>
9
<h3>Endpoint security</h3>
9
<h3>Endpoint security</h3>
10
<p>We use mobile device management and anti-malware software to prevent, detect, and respond to endpoint device threats. Secure-by-default configurations, such as disk encryption, software updates, and removable media restrictions, proactively protect data stored on our endpoint devices.</p>
10
<p>We use mobile device management and anti-malware software to prevent, detect, and respond to endpoint device threats. Secure-by-default configurations, such as disk encryption, software updates, and removable media restrictions, proactively protect data stored on our endpoint devices.</p>
11
<h3>Workforce identity and access management</h3>
11
<h3>Workforce identity and access management</h3>
12
<p>Klaviyo utilizes a modern single sign-on (SSO) platform to control access to Klaviyo’s internal systems and applications. This allows us to efficiently protect against identity-based threats by centrally enforcing access and authentication security policies. Data access rights for employees undergo regular reviews to ensure that only the minimum necessary privileges are granted.</p>
12
<p>Klaviyo utilizes a modern single sign-on (SSO) platform to control access to Klaviyo’s internal systems and applications. This allows us to efficiently protect against identity-based threats by centrally enforcing access and authentication security policies. Data access rights for employees undergo regular reviews to ensure that only the minimum necessary privileges are granted.</p>
13
<h3>Security culture and training</h3>
13
<h3>Security culture and training</h3>
14
<p>Klaviyo’s security culture and training program is designed to equip employees with the knowledge and skills necessary to uphold their security responsibilities and recognize and address potential security risks. This is achieved through new hire and annual training, phishing awareness campaigns, and our “Risky Business” newsletter for informing employees about pertinent security and privacy topics.</p>
14
<p>Klaviyo’s security culture and training program is designed to equip employees with the knowledge and skills necessary to uphold their security responsibilities and recognize and address potential security risks. This is achieved through new hire and annual training, phishing awareness campaigns, and our “Risky Business” newsletter for informing employees about pertinent security and privacy topics.</p>
15
<h3>Risk management</h3>
15
<h3>Risk management</h3>
16
<p>Klaviyo has implemented a risk management program to proactively identify, assess, and manage risk to an acceptable level. This includes risk domains such as information security, third-party security, and other enterprise security domains. We regularly conduct risk assessments and partner with cross-functional stakeholders to provide guidance in devising risk treatment plans and to ensure risk treatment is being prioritized accordingly.</p>
16
<p>Klaviyo has implemented a risk management program to proactively identify, assess, and manage risk to an acceptable level. This includes risk domains such as information security, third-party security, and other enterprise security domains. We regularly conduct risk assessments and partner with cross-functional stakeholders to provide guidance in devising risk treatment plans and to ensure risk treatment is being prioritized accordingly.</p>
17
<h3>API security</h3>
17
<h3>API security</h3>
18
<p>Klaviyo simplifies securing<a>API access</a>to account data and features by providing both<a>API key</a>and<a>OAuth</a>authentication mechanisms. This also allows customers to more easily and securely integrate with partners’ applications to extend the functionality of their Klaviyo use cases.</p>
18
<p>Klaviyo simplifies securing<a>API access</a>to account data and features by providing both<a>API key</a>and<a>OAuth</a>authentication mechanisms. This also allows customers to more easily and securely integrate with partners’ applications to extend the functionality of their Klaviyo use cases.</p>
19
<p>Whether using API keys or OAuth credentials, customers can implement least-privilege access to their Klaviyo account by using feature-specific permission<a>scopes</a>.</p>
19
<p>Whether using API keys or OAuth credentials, customers can implement least-privilege access to their Klaviyo account by using feature-specific permission<a>scopes</a>.</p>
20
<h3>Penetration testing</h3>
20
<h3>Penetration testing</h3>
21
<p>Finding and fixing exploitable vulnerabilities in our platform before bad actors do is foundational to protecting our customers’ data. Klaviyo works with an industry-leading third-party penetration testing provider on an annual basis and runs a<a>bug bounty</a>program with external security researchers. Our internal Offensive Security team also performs targeted penetration testing on an ongoing basis.</p>
21
<p>Finding and fixing exploitable vulnerabilities in our platform before bad actors do is foundational to protecting our customers’ data. Klaviyo works with an industry-leading third-party penetration testing provider on an annual basis and runs a<a>bug bounty</a>program with external security researchers. Our internal Offensive Security team also performs targeted penetration testing on an ongoing basis.</p>