Infrastructure you can trust
From the very first lines of code, we designed and built LiveKit with security in mind. Protecting your application's realtime and customer data is our highest priority.
Industry-standard Compliance
Our team and technical security measures are regularly and rigorously vetted by reputable third-party auditors.
SOC2 Type II
We comply with the Service Organization Controls Trust Services Criteria set by the AICPA.
GDPR
Our practices fully align with the data protection and privacy laws mandated by the European Union.
HIPAA
We protect patient data in strict adherence with HIPAA and offer BAAs to our customers.
Cloud Defense in Depth
Here are some of the measures we take to ensure LiveKit is secure for you, your team, and end-users.
Secure Hardware
LiveKit Cloud operates as ultra-resilient, multi-cloud infrastructure. Underlying providers were selected for industry-leading security and data protection policies.
Encryption
Data transit uses TLS 1.2+ for non-streaming data and TLS, DTLS, and SRTP for streaming data. All data at rest is encrypted with AES-256.
Data Storage & Retention
LiveKit only records stream data if recording features are used (such as agent observability). These features can keep records in LiveKit systems for up to 30 days.
Strict Security Policies
All LiveKit staff undergo background checks, have minimum-level access to systems required for job duties, and partake in annual security and incident response trainings.
Identity & Access Management
LiveKit Cloud supports SSO and role-based access control over your project's data and analytics. Programatic access is provided by short-lived JWTs.
Platform-level Protection
We've embedded security features directly in our software, so your data belongs to you and your customers' data, to them.
JWT Tokens and Room Permissions
Access tokens ensure only your users can access your application. Tokens enforce role-based rules, support TTLs, and are automatically refreshed when used with LiveKit SDKs.
End-to-end Encryption
End-to-end encryption will make it impossible for anyone to access your customers' realtime streams except those they intend. Available to both LiveKit Cloud and self-hosted users.
Security Through Community
Fortune 500s, large private companies, and tens of thousands of developers have downloaded, read, used, customized and deployed our code.
Explore Our Repos
LiveKit's core server, services, client SDKs and components are free, Apache 2.0-licensed open source.
View on GitHubSecurity Disclosures
Learn about how to report vulnerabilities, privacy issues, exposed data, or other security issues pertaining to LiveKit assets.
Read the PolicyHall of Fame
See who's made the LiveKit Responsible Disclosure Hall of Fame for independently researching and reporting vulnerabilities.
Visit the HallTry LiveKit Cloud for free
LiveKit Cloud is a cloud realtime platform and the fastest way to prototype and ship to production.