LangWatch Trust Center

LangWatch mission is to make AI work – and work for the people. Security, privacy, and compliance is necessarily at the heart of everything we do. Here is an overview of security efforts at LangWatch.

ISO 27001 compliant

GDPR - Compliant

Receive our latest Pentest

LangWatch - built on Enterprise security foundations

LangWatch is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

Data Privacy and Security

Deployed in a secure and safe cloud with robust security capabilities all hosted in the EU.

Personal information protection

No personal information stored with granular PII Controls. All PII wiped immediately.

Dedicated support

Dedicated support to help you at every step of the way.

Infrastructure & hosting

LangWatch is hosted on Amazon Web Services (AWS), leveraging industry-leading security and compliance capabilities:

AWS Security compliance: AWS is ISO 27001, SOC2, and GDPR-compliant.
Data centers: Hosted in EU-based AWS regions, ensuring compliance with European data residency regulations. Other regions such as US / Australia are available on request (via AWS marketplace)
Multi-region redundancy: Built-in disaster recovery with failover mechanisms across multiple AWS regions.

LangWatch Cloud

The software is hosted and managed by LangWatch.

LangWatch is responsible for availability and performance of the entire platform.
LangWatch may access the customer account for debugging purposes, with all access fully logged and requiring explicit permission requests

Self-Hosted

The Client hosts and manages the full software on their own infrastructure, which may include on-premise servers or cloud environments such as AWS, Azure, or Google Cloud but not limited to.

The Client is solely for updates, security, and maintenance.
LangWatch offers additional services on deployment support and updates.

Hybrid Self-Hosted

The Client utilizes LangWatch Cloud for LLM monitoring, evaluation and optimization, while all client data (input and output of LLMs) remains on the Client’s infrastructure.

LangWatch may access the customer account for debugging purposes, with all access fully logged and requiring explicit permission requests
The Client retains full responsibility for the management, security, and regulatory compliance of the LLM data.

Data security & encryption

LangWatch ensures data security through strong encryption standards:

Encryption at Rest: All stored data is encrypted using AES-256 encryption and Redis queues.
Encryption in Transit: All data exchanged between customers and LangWatch is secured with TLS 1.2+.
Key management: Uses AWS Key Management Service (KMS) for encryption key protection.
Granular PII Controls: Any personally identifiable information (PII) is automatically detected and wiped immediately after processing.

Access control & authentication

Role-Based Access Control (RBAC) ensures granular permission management.
Multi-Factor Authentication (MFA) is enforced across LangWatch systems.
AWS Identity and Access Management (IAM) policies follow the principle of least privilege.
Secure Authentication via Auth0 with Single Sign-On (SSO). Specific SSO available on request.

Security monitoring & incident response

LangWatch employs continuous security monitoring and a robust incident response framework:

Threat detection: Snyk Security to monitor for anomalies in real-time.
Comprehensive logging: AWS CloudTrail and AWS CloudWatch provide full audit logging.
Automated security alerts: Monitored 24/7 for unauthorized access attempts or suspicious activity.
Incident response: A structured incident response plan ensures rapid investigation, containment, and resolution of security incidents.

Backup & disaster recovery

LangWatch has a robust backup and disaster recovery strategy:

Automated backups: Data is backed up daily, with encryption at rest.
Geo-redundant storage: Backups are replicated across multiple AWS regions.
Retention policy: Customers can define data retention periods to meet compliance needs - part of the commercial agreement. Or go for the Hybrid option to own this.
Recovery objectives: LangWatch maintains an RPO (Recovery Point Objective) of <1 hour and an RTO (Recovery Time Objective) of <4 hours.

Secure software development

LangWatch follows industry best practices in Secure software development lifecycle:

Code security audits: Regular security reviews and static code analysis.
Vulnerability Management: Automated scanning with GitHub Dependabot and Snyk..
Peer Code Reviews: Every pull request undergoes checks before merging.
Production vs. development isolation: Staging and production environments are strictly separated.

Compliance & legal framework

LangWatch ensures adherence to global security and privacy regulations:

GDPR Compliance: Customers can exercise their right to be forgotten and data portability.
Data Processing Agreements (DPAs): We provide DPAs for enterprise customers to meet compliance requirements.
SOC2 & ISO 27001 Certification: LangWatch partners with certified cloud providers to maintain compliance.
Subject access request handling: A structured process for responding to privacy-related requests.

Security awareness & vendor management

Employee security training: All employees receive annual security training.
Third-party security audits: Regular penetration testing by external security firms.
Vendor risk assessment: Any third-party tools is evaluated to meet ISO 27001, and GDPR compliance requirements.

Incident reporting & contact

If you identify a potential security issue, please contact our security team at security@langwatch.ai.

Ship agents with confidence, not crossed fingers

Get up and running with LangWatch in as little as 10 minutes.

Start shipping