Infrastructure you can trust

From the very first lines of code, we designed and built LiveKit with security in mind. Protecting your application's realtime and customer data is our highest priority.

Industry-standard Compliance

Our team and technical security measures are regularly and rigorously vetted by reputable third-party auditors.

SOC2 Type II

We comply with the Service Organization Controls Trust Services Criteria set by the AICPA.

GDPR

Our practices fully align with the data protection and privacy laws mandated by the European Union.

HIPAA

We protect patient data in strict adherence with HIPAA and sign BAAs with our customers.

Cloud Defense in Depth

Here are some of the measures we take to ensure LiveKit is secure for you, your team, and end-users.

Secure Hardware

LiveKit Cloud operates as ultra-resilient, multi-cloud infrastructure. Underlying providers were selected for industry-leading security and data protection policies.

Encryption

Connections are established using 256-bit TLS encryption and media streams are encrypted with AES-128. All data at rest is encrypted with AES-256.

Data Storage & Retention

We never record or store audio, video or data streams. Recordings created via API are uploaded directly to a developer-specified storage bucket. Analytics data is retained (encrypted) for a maximum of 14 days.

Strict Security Policies

All LiveKit staff undergo background checks, have minimum-level access to systems required for job duties, and partake in annual security and incident response trainings.

Identity & Access Management

LiveKit Cloud supports SSO and role-based access control over your project's data and analytics. Projects are secured with API keys and one-time-viewable secret keys.

Platform-level Protection

We've embedded security features directly in our software, so your data belongs to you and your customers' data, to them.

JWT Tokens and Room Permissions

Access tokens ensure only your users can access your application. Tokens enforce role-based rules, support TTLs, and are automatically refreshed when used with LiveKit SDKs.

End-to-end Encryption

End-to-end encryption will make it impossible for anyone to access your customers' realtime streams except those they intend. Available to both LiveKit Cloud and self-hosted users.

Security Through Community

Fortune 500s, large private companies, and tens of thousands of developers have downloaded, read, used, customized and deployed our code.

Explore Our Repos

LiveKit's core server, services, client SDKs and components are free, Apache 2.0-licensed open source.

View on GitHub
Security Disclosures

Learn about how to report vulnerabilities, privacy issues, exposed data, or other security issues pertaining to LiveKit assets.

Read the Policy
Hall of Fame

See who's made the LiveKit Responsible Disclosure Hall of Fame for independently researching and reporting vulnerabilities.

Visit the Hall

Try LiveKit Cloud for free

LiveKit Cloud is a cloud realtime platform and the fastest way to prototype and ship to production.

LiveKit Logo
GitHub LogoTwitter Logo

Product

SFU

SDKs

Cloud Dashboard

Cloud Status

© 2024 LiveKit. All rights reserved.

Terms of Service
|
Cookie Policy
|
Privacy Policy