Skip to content →

Security

Learn more about our data security practices and compliance measures.

Lock icon for the security page

Overview

Linear is built with best-in-class security practices to keep your work safe and secure at every layer. This includes state-of-the-art encryption, safe and reliable infrastructure partners, and independently verified security controls.

Refer to our Data Processing Agreement (DPA) for specific details: https://linear.app/dpa.

Certifications

Linear is compliant with GDPR, SOC 2 Type II, and HIPAA.

For HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on our Enterprise plan. Please contact us at sales@linear.app for more information.

To request other security and compliance documents for Linear, please visit our Trust Center. If you have further questions about any of our certifications, please let us know at support@linear.app.

Data regions

When creating a new workspace, you have the option to select the region you want your data to be stored. The available options are:

  • United States
  • European Union
Your data region selection chosen at workspace creation is permanent, and cannot be updated at a later date.

Most of the data associated with the workspace — including issue descriptions and uploaded attachments—will only be stored in the selected region. Regardless of the region you select for your workspace, the following data is always stored in the United States:

  • Information about the workspace, all user account information and user created API keys, used to authenticate users and direct them to the right region.
  • Notification emails that are sent to workspace users will be stored in the U.S. for 7 days by our email sending partner.
  • Usage data, used for analytical purposes.
  • Workspace data and user account information used for analytical purposes. This data has been stripped of any information that might be confidential, including issue titles and descriptions, comment content, project names, team names, and document content and initiative names among others.
  • User account information associated with any crashes that happen on the client or when processing a client or API request, in order to be able to debug crashes.

Report a vulnerability

You can read more about reporting any suspected security issues, what's in scope for reports, and other guidelines on our report a vulnerability page.

FAQ

All communication outside our cloud environment is encrypted. In addition, our databases are encrypted at rest.

Contact us at security@linear.app and we can help.

For HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on our Enterprise plan. Contact us at sales@linear.app.

Previous

SCIM

Next

Third-Party App Approvals