How to Access LangChain Security & Compliance Information

Last updated: March 27, 2026

For most security and compliance questions, answers can be found in our Trust Center 👉 Visit the LangChain Trust Center

Please request access there first, and follow up with our team if you have additional questions or need further guidance.

If you need to execute our pre-signed Data Processing Addendum (DPA), you can do so directly through DocuSign here by filling out your information and signing.

Note: Once signed, the DPA should be retained for your own records - it does not need to be sent back to LangChain. If your organization requires a co‑signed/countersigned version of the DPA, please contact our Legal/Privacy team with your legal contact details, and they will coordinate the bilateral signing process via DocuSign.

What’s in the Trust Center?

The LangChain Trust Center provides detailed information about:

Infrastructure Security

  • Unique production database authentication enforced

  • Firewall, OS, and network access restricted to authorized users

  • Remote access protected with MFA and encrypted connections

  • Continuous monitoring with intrusion detection and infrastructure performance tools

Organizational Security

  • Employee background checks and confidentiality agreements

  • Security awareness training for all staff

  • Portable media encrypted and assets securely disposed

  • Code of Conduct and disciplinary policies in place

Product Security

  • Data encrypted at rest and in transit

  • Regular penetration testing and vulnerability monitoring

  • Formal development lifecycle (SDLC) with security best practices

Internal Security Procedures

  • Business continuity and disaster recovery plans (tested annually)

  • Incident management and response policies

  • Quarterly access reviews and strong access request controls

  • Documented configuration management and backup processes

Data & Privacy

  • Customer data securely deleted upon leaving the service

  • Retention and disposal procedures in line with best practices

  • Trace data retention periods of 14 or 400 days depending on your configuration

Available Reports & Policies

In the Trust Center, you can also access:

  • SOC 2 Type II Audit Reports

  • LangChain Security & Privacy Policies (GDPR, HIPAA, Risk Management, Access Control, etc.)

  • Penetration Test Executive Summaries

  • Network diagrams and system architecture documentation

  • Current subprocessor list with processing locations

Subprocessors

We maintain transparency about subprocessors used in LangChain services

✅ By centralizing compliance documentation in the Trust Center, we ensure you always have access to the most up-to-date information about LangChain’s security and privacy practices.