Data Security & Privacy

Data Privacy and Security

At Langfuse, we prioritize data privacy and security. We understand that the data you entrust to us is a vital asset to your business, and we treat it with the utmost care.

We take active steps to demonstrate our commitment to data security and privacy such as annual SOC2 Type 2 and ISO27001 audits.

With Langfuse Cloud, we handle:

  • Deployment
  • Scaling
  • Upgrades and security patches
  • Ensuring high availability:

Security Measures

Langfuse Cloud

  • We encrypt all data at rest and in transit using TLS.
  • Our database and application run on AWS infrastructure, partly managed by Supabase and Vercel.
  • We use Point-in-Time Recovery (PITR) with database backups and Write Ahead Log.
  • All users have access to SSO (Single Sign-On) through OAuth 2.0 with Google and GitHub. We can enforce SSO for your organization (Team plan and above) to require 2FA (Two-Factor Authentication).
  • For security inquiries, please contact us at [email protected]

Self-hosted Instances

Privacy Measures

Compliance Measures

FrameworkStatus (Langfuse Cloud)
GDPRCompliant. DPA available upon request on Pro and Team plan.
SOC 2 Type IICertified. Report available upon request on Team plan.
ISO 27001Certified. Certificate available upon request on Team plan.
HIPAANot compliant. However, compliance can be attained by self-hosting on own infrastructure/VPC.

For specific compliance requirements or questions, please contact us at [email protected]

Responsible Disclosure of Security Vulnerabilities

We value the security community and prioritize system security. We encourage the disclosure of security vulnerabilities to help us protect the security and privacy of our users. Please send actionable vulnerability reports to [email protected]. Please note that we currently do not operate a bug bounty program.


We encourage employees and third parties to report breaches to us via email ([email protected]) or postal mail (address available here). You can contact us anonymously or request that we protect your privacy. For more information, employees can refer to Langfuse's internal Responsible Disclosure Policy.


If you want to notify Langfuse of any security-related matters. Please reach out to us via [email protected]


Was this page useful?

Questions? We're here to help

Subscribe to updates