Security
Learn more about our data security practices and compliance measures.

Overview
Linear is built with best-in-class security practices to keep your work safe and secure at every layer. This includes state-of-the-art encryption, safe and reliable infrastructure partners, and independently verified security controls.
Refer to our Data Processing Agreement (DPA) for specific details.
Under our shared responsibility model, Linear secures the components that we control, including the application layer, underlying platform, and cloud infrastructure. This includes protecting against threats targeting these components through security controls, monitoring, and incident response.
Customers are responsible for how they use Linear. This includes configuring workspace security and access, determining what data they store and retain, managing API keys and integrations, and monitoring their audit log.
Certifications
Linear is compliant with GDPR, SOC 2 Type II, and HIPAA.
For HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on our Enterprise plan. Please contact us at sales@linear.app for more information.
To request other security and compliance documents for Linear, please visit our Trust Center. If you have further questions about any of our certifications, please let us know at support@linear.app.
Data regions
When creating a new workspace, you have the option to select the region where you want your data to be stored. The available options are:
- United States
- European Union
When creating a new workspace, you can choose to store data in the United States or European Union. This setting isn’t self-serve to change later.
Most of the data associated with the workspace — including issue descriptions and uploaded attachments — will only be stored in the selected region. Regardless of the region you select for your workspace, the following data is always stored in the United States:
- Information about the workspace, all user account information and user-created API keys, used to authenticate users and direct them to the right region.
- Notification emails that are sent to workspace users will be stored in the U.S. for 7 days by our email sending partner.
- Usage data, used for analytical purposes.
- Workspace and user account data used for analytics. We remove potentially confidential content, including issue titles and descriptions, comments, project and team names, and document and initiative content.
- User account information associated with any crashes that happen on the client or when processing a client or API request, in order to be able to debug crashes.
Report a vulnerability
You can read more about reporting any suspected security issues, what’s in scope for reports, and other guidelines on our report a vulnerability page.
FAQ
You can export your workspace data. For help deleting data or with other data requests, contact support@linear.app.
For HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on our Enterprise plan. Contact us at sales@linear.app.