We get questions about our data security practices and compliance measures so we wanted to share a bit more about that here.
Our founding team includes engineers who worked at Coinbase and Uber, so we take user security seriously and think about it in every aspect of the product.
If you notice a security issue or have a question or concern, you can reach out to us at
email@example.com and we'll respond as soon as possible. We currently do not have a bug bounty program. Certifications
Linear has completed SOC 2 Type I certification. To receive a copy of the report, email firstname.lastname@example.org. If you'd like a copy of the data processing agreement (DPA), please reach out to us at that email as well.
We use Google Cloud Platform and our region is East US.
This list is updated as of October 14, 2021:
Sub-processor name Description of processing Country in which subprocessing takes place Google, Inc. Hosting United States Datadog, Inc. Service Monitoring United States Functional Software, Inc. Error Monitoring United States Retool, Inc. Product Analytics United States FrontApp, Inc. Email Support United States Segment.io, Inc. Product Analytics United States Amplitude, Inc. Product Analytics United States Customer.io Customer Analytics United States
We do not provide self-hosting or hosting outside of the United States at this time.
All communication outside our cloud environment is encrypted. In addition, our databases are encrypted at rest.
Our Plus plan lets you set up SAML or force a login through Google SSO. All plans offer the option to use Google SSO. Learn more at
linear.app/pricing. All plans have access to OAuth2 authentication for our GraphQL API.
We check user's GSuite access periodically and disable access when they try to open or login to the application if their GSuite account has been disabled.
We take security very seriously at Linear due to sensitivity of our customers data. We review security issues as soon as possible and you can report them by emailing email@example.com. In case of a potential severe security incident, we're committed on informing any affected users.
On paid plans you can set admins. Admins have the ability to export issue data, invite and suspend members, as well as to delete workspaces and teams.
We don't offer permissions at the moment but it's on the roadmap.
Anyone on the team can set up integrations.
Unfortunately, as a small team we don't have a lot of bandwidth to fill out custom security assessments. We'll do our best to answer questions and provide support to unblock any requirements if you reach out to us at firstname.lastname@example.org.