Data privacy & security

We take data privacy and security very seriously. The data ingested into Langfuse are a core asset to your business and we treat it as such.

Security

All data is encrypted at REST and in transit (via TLS).
Database in Frankfurt, Germany (AWS eu-central-1). US data region available upon request. Other regions and dedicated deployments available for enterprise customers.
Point-in-Time Recovery (PITR) using backups of database and Write Ahead Log.
SSO (Single Sign-On) is available for all users through OAuth 2.0 with Google and GitHub. You can request SSO enforcement for your organization (Team plan and above) to require 2FA (Two-Factor Authentication).
Contact: security@langfuse.com

Privacy

Privacy Policy (opens in a new tab)
Data Subject Access Request Form (opens in a new tab)
DPA (Data Processing Agreement) and subprocessor list available upon request.
Contact: privacy@langfuse.com

Compliance

We are currently working towards SOC 2 and ISO 27001 compliance.
Contact: compliance@langfuse.com

Responsible Disclosure of Security Vulnerabilities

We prioritize system security and highly appreciate the security community. Disclosing security vulnerabilities assists us in safeguarding the security and privacy of our users. Please submit actionable vulnerability reports to security@langfuse.com.

Project Sharing (Roles)

Was this page useful?

Questions? We're here to help

DiscordEmail Talk to founder