Security & ComplianceOverview

Security & Compliance Overview

At Langfuse, we prioritize data privacy and security. We understand that the data you entrust to us is a vital asset to your business, and we treat it with the utmost care.

We take active steps to demonstrate our commitment to data security and privacy such as annual SOC2 Type 2 and ISO27001 audits as well as External Penetration Tests. You can request access to the reports here.

Langfuse is built with enterprise needs in mind, focusing on:

Compliance

We maintain internal policies and adhere to several industry-standard compliance frameworks.

SOC 2 Type IIISO 27001HIPAA

Privacy

Langfuse is GDPR compliant, and offers data retention, data masking and data deletion capabilities to manage the processing of personal data. You can enter into a DPA with Langfuse.

Contact

General Information on Langfuse

What is Langfuse?

Langfuse is an open‑source LLM engineering platform that provides tracing, prompt management, evaluation, and metrics to help teams debug and continuously improve LLM‑based applications.

What deployment models are available?

  • Langfuse Cloud – fully‑managed SaaS (multi‑tenant) with US, EU and HIPAA data regions
  • Self‑hosted OSS – MIT‑licensed software that you can deploy on your own infrastructure
  • Self‑hosted Enterprise Edition – commercial license with additional security/compliance features and vendor support.

Which cloud provider and regions do you use?

Langfuse Cloud mainly runs on AWS and Clickhouse via AWS:

  • US region: us-west-2 (Oregon)
  • EU region: eu-west-1 (Ireland)

Self‑hosted customers can choose any region / provider. Langfuse Self-Hosted can be run fully offline/air-gapped.

Authentication & Authorization

Was this page useful?

Questions? We're here to help

GitHub Q&AGitHubEmailTalk to sales

Subscribe to updates