Longwave
Longwave
Log InBook a Demo

Trust Center

How Longwave protects MSP and client data.

Security foundations

The security practices built into the Longwave platform.

SOC 2

Type I certified. Type II currently in audit. Both reports are available under NDA through our trust portal.

Encryption

TLS 1.2+ in transit. AES-256 at rest. Keys rotated regularly.

Tenant Isolation

Row-level security per tenant. No cross-tenant access at any layer.

Secure Subprocessors

A minimal set of subprocessors, each SOC 2 certified in their own right. Full list available on request.

What data we store

Per-tenant control over what gets captured, how long it's kept, and how it's deleted.

  • Choose what's captured

    Full prompt content, metadata only, or no content at all. Configure once per tenant; default is metadata only.

  • Set your own retention

    Pick a retention window per tenant, from a few days to the lifetime of the engagement. Logs roll off automatically when they expire.

  • Delete or export on request

    Full data export available at any time. On termination or written request, all tenant data is deleted within 30 days.

Available resources

Request access through our trust portal and we'll share the relevant artifacts under NDA. Most documents are available within one business day.

SOC 2

Our Type I auditor's report, plus a letter of attestation from our auditor confirming Type II is in audit.

Cyber insurance certificate

Proof of coverage limits and carrier.

Additional documentation on request

Custom security questionnaires, subprocessor lists, data flow diagrams, and more.

Security FAQ

How do I request a SOC 2 report or other security resources?

Reach out to security@longwavehq.com and we'll share the relevant artifacts under NDA.

Does Longwave use customer data to train AI models?

No. We don't train models on customer data, and we don't sell or share customer data with third parties.

How do I report a security vulnerability?

Please report any suspected security vulnerabilities to security@longwavehq.com. Our team acknowledges reports within 24 hours and follows responsible disclosure practices.

Need something specific?

Reach out to our security team and we'll route your request to the right place.