Skip to content

Security: cratejoy/litellm

Security

security.md

Data Privacy and Security

Security Measures

LiteLLM Github

  • All commits run through Github's CodeQL checking

Self-hosted Instances LiteLLM

  • No data or telemetry is stored on LiteLLM Servers when you self host
  • For installation and configuration, see: Self-hosting guided
  • Telemetry We run no telemetry when you self host LiteLLM

LiteLLM Cloud

  • We encrypt all data stored using your LITELLM_MASTER_KEY and in transit using TLS.
  • Our database and application run on GCP, AWS infrastructure, partly managed by NeonDB.
    • US data region: Northern California (AWS/GCP us-west-1) & Virginia (AWS us-east-1)
    • EU data region Germany/Frankfurt (AWS/GCP eu-central-1)
  • All users have access to SSO (Single Sign-On) through OAuth 2.0 with Google, Okta, Microsoft, KeyCloak.
  • Audit Logs with retention policy
  • Control Allowed IP Addresses that can access your Cloud LiteLLM Instance

For security inquiries, please contact us at [email protected]

For security inquiries, please contact us at [email protected]

Supported data regions for LiteLLM Cloud

LiteLLM supports the following data regions:

  • US, Northern California (AWS/GCP us-west-1)
  • Europe, Frankfurt, Germany (AWS/GCP eu-central-1)

All data, user accounts, and infrastructure are completely separated between these two regions

Security Vulnerability Reporting Guidelines

We value the security community's role in protecting our systems and users. To report a security vulnerability:

  • Email [email protected] with details
  • Include steps to reproduce the issue
  • Provide any relevant additional information

We'll review all reports promptly. Note that we don't currently offer a bug bounty program.

There aren’t any published security advisories