Infrastructure you can trust

From the very first lines of code, we designed and built LiveKit with security in mind. Protecting your application's real-time and customer data is our highest priority.

Cloud Defense in Depth

Here are some of the measures we take to ensure LiveKit is secure for you, your team, and end-users.

Cross Platform Icon

SOC2 Type II

We comply with the highest standards of the Service Organization Controls (SOC2) Trust Services Criteria (Type II), set by the AICPA.

Deployment Icon

Secure Hardware

LiveKit Cloud operates as ultra-resilient, multi-cloud infrastructure. Underlying providers were selected for industry-leading security and data protection policies.

Authentication Icon

Encryption

Connections are established using 256-bit TLS encryption and media streams are encrypted with AES-128. All data at rest is encrypted with AES-256.

Doc Icon

Data Storage & Retention

We never record or store audio, video or data streams. Recordings created via API are uploaded directly to a developer-specified storage bucket. Analytics data is retained (encrypted) for a maximum of 14 days.

Settings Icon

Strict Security Policies

All LiveKit staff undergo background checks, have minimum-level access to systems required for job duties, and partake in annual security and incident response trainings.

Person Icon

Identity & Access Management

LiveKit Cloud supports SSO and role-based access control over your project's data and analytics. Projects are secured with API keys and one-time-viewable secret keys.

Platform-level Protection

We've embedded security features directly in our software, so your data belongs to you and your customers' data, to them.

Authentication Icon

JWT Tokens and Room Permissions

Access tokens ensure only your users can access your application. Tokens enforce role-based rules, support TTLs, and are automatically refreshed when used with LiveKit SDKs.

Authentication Icon

End-to-end Encryption

End-to-end encryption will make it impossible for anyone to access your customers' real-time streams except those they intend. This feature will be available to both LiveKit Cloud and OSS users.

In active development

Security Through Community

Thousands of developers have downloaded, read, used, customized and deployed our code. Having the fastest growing WebRTC community means LiveKit's security posture improves faster than anything else.

OpenSource Icon

Explore Our Repos

LiveKit's core server, services, client SDKs and components are free, Apache 2.0-licensed open source.

View on GitHub
List Check Icon

Security Disclosures

Learn about how to report vulnerabilities, privacy issues, exposed data, or other security issues pertaining to LiveKit assets.

Read the Policy
Trophy Icon

Hall of Fame

See who's made the LiveKit Responsible Disclosure Hall of Fame for independently researching and reporting vulnerabilities.

Visit the Hall
Cloud Icon
Cloud Icon

Effortlessly scale with
LiveKit Cloud

LiveKit Cloud is a cloud-native WebRTC platform built and operated by the LiveKit team. With the same open-source APIs, SDKs and features, going to production has never been easier.

Learn more
  • Connectivity IconGlobally distributed infrastructure
  • Deployment IconReal-time analytics and monitoring
  • Performance Icon99.99% uptime
LiveKit Logo
GitHub LogoTwitter Logo

Product

SFU

SDKs

Cloud Dashboard

Cloud Status

Developers

Documentation

Security

Slack

GitHub

Connection

Company

Blog

Careers

About

License