Infrastructure you can trust
From the very first lines of code, we designed and built LiveKit with security in mind. Protecting your application's real-time and customer data is our highest priority.
Cloud Defense in Depth
Here are some of the measures we take to ensure LiveKit is secure for you, your team, and end-users.
SOC2 Type II
We comply with the highest standards of the Service Organization Controls (SOC2) Trust Services Criteria (Type II), set by the AICPA.
LiveKit Cloud operates as ultra-resilient, multi-cloud infrastructure. Underlying providers were selected for industry-leading security and data protection policies.
Connections are established using 256-bit TLS encryption and media streams are encrypted with AES-128. All data at rest is encrypted with AES-256.
Data Storage & Retention
We never record or store audio, video or data streams. Recordings created via API are uploaded directly to a developer-specified storage bucket. Analytics data is retained (encrypted) for a maximum of 14 days.
Strict Security Policies
All LiveKit staff undergo background checks, have minimum-level access to systems required for job duties, and partake in annual security and incident response trainings.
Identity & Access Management
LiveKit Cloud supports SSO and role-based access control over your project's data and analytics. Projects are secured with API keys and one-time-viewable secret keys.
We've embedded security features directly in our software, so your data belongs to you and your customers' data, to them.
JWT Tokens and Room Permissions
Access tokens ensure only your users can access your application. Tokens enforce role-based rules, support TTLs, and are automatically refreshed when used with LiveKit SDKs.
End-to-end encryption will make it impossible for anyone to access your customers' real-time streams except those they intend. This feature will be available to both LiveKit Cloud and OSS users.
Security Through Community
Thousands of developers have downloaded, read, used, customized and deployed our code. Having the fastest growing WebRTC community means LiveKit's security posture improves faster than anything else.
Explore Our Repos
LiveKit's core server, services, client SDKs and components are free, Apache 2.0-licensed open source.
Learn about how to report vulnerabilities, privacy issues, exposed data, or other security issues pertaining to LiveKit assets.
Hall of Fame
See who's made the LiveKit Responsible Disclosure Hall of Fame for independently researching and reporting vulnerabilities.
Effortlessly scale with
LiveKit Cloud is a cloud-native WebRTC platform built and operated by the LiveKit team. With the same open-source APIs, SDKs and features, going to production has never been easier.
- Globally distributed infrastructure
- Real-time analytics and monitoring
- 99.99% uptime