Built on enterprise security foundations

LangWatch is built from the ground up by an experienced team with security, privacy and compliance prioritized from day one.

We do not train on customer data

No personal information stored with granular PII Controls. All PII wiped immediately.

Data Privacy and Security

Deployed in a secure and safe cloud with robust security capabilities all hosted in the EU. 🇪🇺

Cloud hosted or on-premise

Don’t worry about managing servers and platform security with the LangWatch Cloud Hosted Solution. For customers with the strictest data privacy needs, we offer Self-Hosted possibilities.

Last updated June 11, 2024

Our Commitment to Security

At LangWatch, we understand that security and reliability are fundamental for your trust in our services and a strong requirement for many of our customers dealing with sensitive and private data. Our dedicated approach to security encompasses rigorous measures and protocols to safeguard your data at every level.

How We Protect Your Data

Infrastructure Security: LangWatch leverages a multi-faceted infrastructure, predominantly hosted on AWS, Elastic Cloud, and Vercel. This diversified approach ensures robust security capabilities and compliance with industry standards like SOC2, GDPR, and ISO 27001.

Data Storage and Encryption: Your data is securely encrypted both in transit and at rest, utilizing AES256 encryption across AWS, Elastic Cloud instances and Redis queues. This encryption is bolstered by our commitment to using only SOC2, GDPR, and ISO 27001 compliant services, namely Google Cloud, Elastic and Vercel.

Data Privacy and PII Handling: We take privacy seriously. Personally Identifiable Information (PII) received by our service is automatically identified by the Google Cloud DLP algorithm and completely removed before any data storage happens by redacting the received data, ensuring compliance with privacy regulations and safeguarding user data.

Access Control and Secret Management: Access to sensitive data is stringently controlled. We employ a role-based access control (RBAC) system to ensure that only authorized personnel have access to specific data segments. Personnel within LangWatch can access it only for troubleshooting and with your permission. Environment variables and secrets are securely managed within our Google Cloud and Vercel host providers, ensuring that sensitive information is accessible only to those who need it.

Advanced Authentication Security with Auth0: Secure access to LangWatch is managed through Auth0, which maintains up-to-date encryption algorithms and adheres to stringent security protocols, providing a highly secure authentication system. This integration ensures advanced protection against unauthorized access, with the added flexibility of Single Sign-On (SSO) functionality available upon request.

Compliance and Certifications: While LangWatch is currently in the process of obtaining formal certifications, we rigorously adhere to GDPR and SOC2 practices. Our commitment to these standards underlines our dedication to maintaining a secure and compliant platform.

Scalability and Reliability

Auto scalable: LangWatch is built on serverless architecture, offering auto-scalability to efficiently handle high volumes of traffic. This setup ensures high availability and reliability of our services, without the need for physical infrastructure management.

Robust Backup Systems: Both SQL and Elasticsearch on our infrastructure are equipped with comprehensive backup solutions. Regular, encrypted backups ensure that customer data is not only secure but also readily recoverable in the event of any unforeseen data loss.

Development and Operational Security

Training and Awareness: New employees undergo extensive onboarding training focused on our security-first culture, with regular updates as security landscapes evolve.

Vulnerability Management: Our vulnerability management primarily utilizes GitHub’s Dependabot, continuously scanning our codebase for potential vulnerabilities. This proactive approach allows us to address security issues swiftly and effectively.

Separate Environments: LangWatch’s development environment is completely isolated from production, ensuring that any changes are thoroughly tested in a secure setting before deployment. This separation is crucial in maintaining the integrity and security of our platform.

Monitoring and Alerting: Comprehensive monitoring systems are in place for infrastructure health and application runtime errors, enabling prompt response to any issues.

Audit Trails and Record Keeping: Robust audit trails are maintained for all operations, complying with SOC2 standards and ensuring traceability and accountability.

Incident Management and Response

We are prepared for any security incidents. This includes prompt notification and cooperation with customers, as well as compliance with regulatory requirements, such as GDPR Article 33.

International Data Handling and Transfers

LangWatch ensures that all international data transfers are compliant with GDPR, working exclusively with vendors inside the EU.

Contact and Reporting

For any security concerns or to report vulnerabilities, please contact our security team at security@langwatch.ai