Security & Compliance Overview
At Langfuse, we prioritize data privacy and security. We understand that the data you entrust to us is a vital asset to your business, and we treat it with the utmost care.
We take active steps to demonstrate our commitment to data security and privacy such as annual SOC2 Type 2 and ISO27001 audits as well as External Penetration Tests. You can request access to the reports here.
Langfuse is built with enterprise needs in mind, focusing on:
- Security Measures: Robust Encryption, access controls, and regular Penetration Testing.
- Privacy Measures: Protecting user data according to regulations like GDPR. We offer a DPA, BAA, and adhere to our Privacy Policy.
- Transparency: Open-source core and clear information on software dependencies.
- Reporting: Clear channels for Responsible Disclosure and Whistleblowing.
Langfuse is the most widely adopted LLM Engineering platform with 29,848 GitHub stars, 50M+ SDK installs per month, and 6M+ Docker pulls. Trusted by 19 of the Fortune 50 and 63 of the Fortune 500 companies.
Langfuse Cloud security model
Langfuse Cloud is a fully managed, multi-tenant SaaS deployment. The security model combines three layers:
- Security posture: The production service is based on the same open-source Langfuse codebase, is covered by SOC 2 Type II and ISO 27001 audits, and undergoes annual third-party penetration tests. You can request the latest reports here.
- Tenant isolation: All product data is scoped to a project. Every record is associated with a projectId, API keys are project-scoped, and authenticated requests are authorized through RBAC before queries are made. See the Security FAQ and RBAC docs.
- Customer controls: Teams can reduce what reaches Langfuse and how long it stays there with masking, data retention, data deletion, region selection, SSO/SCIM, and audit logs.
Langfuse Cloud runs on AWS and ClickHouse Cloud in isolated regional environments. Supporting services such as Postgres, ClickHouse, Redis, and S3 are covered by the same cloud security program: private network placement, least-privilege service access, encryption at rest and in transit, monitoring, and vendor/compliance review. If your requirements mandate infrastructure-level isolation in your own account or VPC, use self-hosted Langfuse or contact us about Enterprise options.
Compliance
We maintain internal policies and adhere to several industry-standard compliance frameworks. Please check Security FAQs for more details.
Privacy
Langfuse is GDPR compliant, and offers data retention, data masking and data deletion capabilities to manage the processing of personal data. You can enter into a DPA with Langfuse.
Contact
- Use Ask AI to get instant answers to your questions.
- For security inquiries: security@langfuse.com
- For privacy inquiries: privacy@langfuse.com
- For compliance inquiries: compliance@langfuse.com
General Information on Langfuse
What is Langfuse?
Langfuse is an open-source AI engineering platform that provides tracing, prompt management, evaluation, and metrics to help teams debug and continuously improve LLM-based applications.
What deployment models are available?
- Langfuse Cloud: fully-managed SaaS (multi-tenant) with US, EU, Japan, and HIPAA data regions
- Self-hosted OSS: MIT-licensed software that you can deploy on your own infrastructure
- Self-hosted Enterprise Edition: commercial license with additional security/compliance features and vendor support
Which cloud provider and regions do you use?
Langfuse Cloud mainly runs on AWS and ClickHouse Cloud:
- US & HIPAA region: us-west-2 (Oregon)
- EU region: eu-west-1 (Ireland)
- JP region: ap-northeast-1 (Japan)
Self-hosted customers can choose any region / provider. Langfuse Self-Hosted can be run fully offline/air-gapped.