Trust and security

At Logto, we highly value trust and security. We have taken various measures to ensure the security of our services and established a community that is built on trust.

banner

Trust with openness and transparency

figure

Born open-source, insured by open-source

Logto OSS is available as a self-host option. It offers you an additional layer of insurance when you use Logto Cloud, knowing that even in the unlikely event of Logto's discontinuation, you can still seamlessly transition to your self-hosted version.

      Exceptional developer experience
      Self-hosted assurance
      Watched by a vast community
figure

Strictly adheres to open standards

Logto meticulously adheres to the battle-tested open standard known as OpenID Connect, built on OAuth 2.0. This protocol provides a solid foundation for our services, offering both flexibility and scalability. We also support SAML to meet enterprise-wide needs.

    figure

    Your data, you control

    Logto Cloud offers multiple regions (Europe and US) for data hosting, allowing you to choose the location that best suits your needs. We also provide the assistance you need to export or delete your data, ensuring that you have full control over your information.

      360-degree protection through latest technologies

      Just like you, we appreciate the convenience of cloud services and software-as-a-service solutions. At Logto, we believe that certain complex challenges should be entrusted to professionals, and we employ state-of-the-art technologies to ensure comprehensive security.

      Enforced security, non-negotiable

      Flexible and highly available computing

          Flexible infrastructure
          Computing resources configured for high availability
          Automated failover and disaster recovery

      Data isolation

          Production data is rigorously separated
          Each Logto tenant is allocated a dedicated database connection
          Enforce Row-Level Security on user data tables

      Data protection

          Databases are encrypted at rest
          Regular database backups follow a geo-redundant policy
          Private network enforced
      SOC logo

      SOC 2 Type I

      Logto has undergone the AICPA SOC 2 Type I certification to validate Security, Availability, and Confidentiality controls. With a Type II audit on the horizon, we aim to further demonstrate our commitment to security and compliance.

      Embracing DevSecOps for continuous security

      Before each code change, our systems automatically perform code scanning and penetration tests. This proactive approach allows us to identify and rectify potential security weaknesses at an early stage, ensuring that our services remain robust and resilient against emerging threats.

      DevSecOps flow

      Unlock more with Logto Cloud

      Experience safety and trust in Logto Cloud