Skip to content →


Learn more about our data security practices and compliance measures.

Lock icon for the security page


Linear is built with best-in-class security practices to keep your work safe and secure at every layer. This includes state-of-the-art encryption, safe and reliable infrastructure partners, and independently verified security controls.

Refer to our Data Processing Agreement (DPA) for specific details:


Linear has completed SOC 2 Type II certification. To receive a copy of the report, email

Data regions

When creating a new workspace, you have the option to select the region you want your data to be stored. The available options are:

  • United States
  • European Union
Your data region selection chosen at workspace creation is permanent, and cannot be updated at a later date.

Most of the data associated with the workspace — including issue descriptions and uploaded attachments—will only be stored in the selected region. There are exceptions in which regardless of the region you select for your workspace, the following data will be stored in the United States:

  • Information about the workspace, all user account information and user created API keys, used to authenticate users and direct them to the right region.
  • Notification emails that are sent to workspace users will be stored in the U.S. for 7 days by our email sending partner.
  • Usage data, used for analytical purposes.
  • Workspace data and user account information used for analytical purposes. This data has been stripped of any information that might be confidential, including issue titles and descriptions, comment content, project names, team names, and document content and initiative names among others.
  • User account information associated with any crashes that happen on the client or when processing a client or API request, in order to be able to debug crashes.

Report a vulnerability

You can read more about reporting any suspected security issues, what's in scope for reports, and other guidelines on our report a vulnerability page.