LangWatch Trust Center
LangWatch's mission is to make AI work – and work for the people. Security, privacy, and compliance are necessarily at the heart of everything we do. Here is an overview of security efforts at LangWatch.
LangWatch - built on Enterprise security foundations
LangWatch is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.
Data Privacy and Security
Deployed in a secure and safe cloud with robust security capabilities, all hosted in the EU.
Personal information protection
No personal information is stored, with granular PII controls. All PII is wiped immediately.
Dedicated support
Dedicated support to help you at every step of the way.
Infrastructure & hosting
LangWatch is hosted on Amazon Web Services (AWS), leveraging industry-leading security and compliance capabilities:
AWS Security compliance: AWS is ISO 27001, SOC2, and GDPR-compliant.
Data centers: Hosted in EU-based AWS regions, ensuring compliance with European data residency regulations. Other regions, such as US / Australia, are available on request (via AWS Marketplace).
Multi-region redundancy: Built-in disaster recovery with failover mechanisms across multiple AWS regions.
LangWatch Cloud
The software is hosted and managed by LangWatch.
LangWatch is responsible for availability and performance of the entire platform.
LangWatch may access the customer account for debugging purposes, with all access fully logged and requiring explicit permission requests.
Self-Hosted
Hybrid Self-Hosted
Data security & encryption
LangWatch ensures data security through strong encryption standards:
Encryption at Rest: All stored data is encrypted using AES-256 encryption and Redis queues.
Encryption in Transit: All data exchanged between customers and LangWatch is secured with TLS 1.2+.
Key management: Uses AWS Key Management Service (KMS) for encryption key protection.
Granular PII Controls: Any personally identifiable information (PII) is automatically detected and wiped immediately after processing.
Access control & authentication
Role-Based Access Control (RBAC) ensures granular permission management.
Multi-Factor Authentication (MFA) is enforced across LangWatch systems.
AWS Identity and Access Management (IAM) policies follow the principle of least privilege.
Secure Authentication via Auth0 with Single Sign-On (SSO). Specific SSO available on request.
Security monitoring & incident response
LangWatch employs continuous security monitoring and a robust incident response framework:
Threat detection: Snyk Security is used to monitor for anomalies in real time.
Comprehensive logging: AWS CloudTrail and AWS CloudWatch provide full audit logging.
Automated security alerts: Monitored 24/7 for unauthorized access attempts or suspicious activity.
Incident response: A structured incident response plan ensures rapid investigation, containment, and resolution of security incidents.
Backup & disaster recovery
LangWatch has a robust backup and disaster recovery strategy:
Automated backups: Data is backed up daily, with encryption at rest.
Geo-redundant storage: Backups are replicated across multiple AWS regions.
Retention policy: Customers can define data retention periods to meet compliance needs as part of the commercial agreement, or choose the Hybrid option to own this themselves.
Recovery objectives: LangWatch maintains an RPO (Recovery Point Objective) of <1 hour and an RTO (Recovery Time Objective) of <4 hours.
Secure software development
LangWatch follows industry best practices for a secure software development lifecycle:
Code security audits: Regular security reviews and static code analysis.
Vulnerability Management: Automated scanning with GitHub Dependabot and Snyk.
Peer Code Reviews: Every pull request undergoes checks before merging.
Production vs. development isolation: Staging and production environments are strictly separated.
Compliance & legal framework
LangWatch ensures adherence to global security and privacy regulations:
GDPR Compliance: Customers can exercise their right to be forgotten and data portability.
Data Processing Agreements (DPAs): We provide DPAs for enterprise customers to meet compliance requirements.
SOC2 & ISO 27001 Certification: LangWatch partners with certified cloud providers to maintain compliance.
Subject access request handling: A structured process for responding to privacy-related requests.
Security awareness & vendor management
Employee security training: All employees receive annual security training.
Third-party security audits: Regular penetration testing by external security firms.
Vendor risk assessment: Any third-party tool is evaluated to meet ISO 27001 and GDPR compliance requirements.
Incident reporting & contact
If you identify a potential security issue, please contact our security team at security@langwatch.ai.