We get questions about our data security practices and compliance measures so we wanted to share a bit more about that here.
Our founding team includes engineers who worked at Coinbase and Uber, so we take user security seriously and think about it across every aspect of the product.
If you notice a security issue or have a question or concern, you can reach out to us at
email@example.com and we'll respond as soon as possible. We currently do not have a bug bounty program.
Linear has completed SOC 2 Type II certification. To receive a copy of the report, email
firstname.lastname@example.org. If you'd like a copy of the Data Processing Agreement (DPA), please reach out to us at that email as well.
Who is your cloud infrastructure provider and what region is your instance located?
We use Google Cloud Platform and our region is East US.
Who are your sub-processors of data?
This list is updated as of June 3, 2022:
Sub-processor name Description of processing Country in which subprocessing takes place Google LLC Hosting United States Datadog, Inc. Service Monitoring United States Functional Software, Inc. (Also known as Sentry) Error Monitoring United States Retool, Inc. Product Analytics United States FrontApp, Inc. Email Support United States Segment.io, Inc. Product Analytics United States Peaberry Software Inc. (Also known as Customer.io) Messaging United States Circle Internet Services, Inc. (Also known as CircleCI) Developer Tooling United States Hevo Data, Inc. Data Services United States Pocus, Inc. Data-driven Sales United States Elasticsearch BV Document Search The Netherlands Snowflake Data Services & Product Analytics United States Mailgun Technologies, Inc. Email Delivery United States
We do not provide self-hosting or hosting outside of the United States at this time.
All communication outside our cloud environment is encrypted. In addition, our databases are encrypted at rest.
Do you provide OAuth, SAML or advanced authentication controls?
Our Plus plan lets you set up SAML or force a login through Google SSO. All plans offer the option to use Google SSO. Learn more at
linear.app/pricing. All plans have access to OAuth2 authentication for our GraphQL API.
In the login with GSuite, by disabling a GSuite account, will that automatically log them out of Linear?
We check user's GSuite access periodically and disable access when they try to open or login to the application if their GSuite account has been disabled.
Is there any way to disable the ability for certain people to generate personal API keys in the paid plan?
Could you share any details around your practices for reacting to security incidents?
We take security very seriously at Linear due to sensitivity of our customers data. We review security issues as soon as possible and you can report them by emailing email@example.com. In case of a potential severe security incident, we're committed on informing any affected users.
Do you offer permissions or admin roles?
On paid plans you can set admins. Admins have the ability to export issue data, invite and suspend members, as well as to delete workspaces and teams.
We don't offer permissions at the moment but it's on the roadmap.
On the paid version, who has control over setting up and using integrations?
Anyone on the team can set up integrations.
Can you fill out my security assessment?
Unfortunately, as a small team we don't have a lot of bandwidth to fill out custom security assessments. We'll do our best to answer questions and provide support to unblock any requirements if you reach out to us at firstname.lastname@example.org.