// Trust & Security Report

    Linear Orbit, Inc. (d/b/a Linear) logo

    Linear Orbit, Inc. (d/b/a Linear)

    Product development / issue-tracking system "Linear" for teams and AI agents — core issue tracking, cycles, and roadmaps, plus AI-driven features (Triage Intelligence, Linear Agents, Linear MCP, Insights, Coding Sessions) and mobile/desktop apps. Single core product sold across Free, Basic, Business, and Enterprise plans with security features gated by tier.

    Certifications held

    4

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Trust Center Compliance/Resources section lists 'SOC 2 Type II (November 2025)' and 'SOC 2 Bridge Letter (June 2026)' as downloadable resources under the 'SOC 2 Type II' compliance filter; linear.app/security states 'Linear undergoes regular Service Organization Controls audits (SOC 2 Type II).'

    Verify on trust.linear.app
    ISO/IEC 27001:2022
    HELD

    Trust Center lists 'ISO 27001 Certificate (April 2026)' and 'ISMS Statement of Applicability (March 2026)' under Compliance/Resources; a Trust Center update post states 'Linear Orbit, Inc. has recently achieved ISO/IEC 27001:2022 certification... We worked with Sensiba LLP to perform our audit... The ISO 27001 certificate and ISMS Statement of Applicability are both available in our Trust Center.'

    Verify on trust.linear.app
    GDPR (compliance posture)
    HELD

    linear.app/security: 'Committed to compliance with Europe's General Data Protection Regulation (GDPR).' Privacy Policy (linear.app/privacy): 'You hereby consent to the transfer of your data to the U.S. pursuant to: (i) a data processing agreement incorporating standard data protection clauses promulgated by the European Commission...' DPA available at linear.app/dpa; workspace data region choice includes 'European Union'.

    Verify on linear.app
    HIPAA
    HELD

    linear.app/docs/security: 'For HIPAA compliance, we offer a Business Associate Agreement (BAA) to customers on our Enterprise plan.' Pricing page (linear.app/pricing) lists 'HIPAA compliance' as an Enterprise-tier feature only, not available on Free/Basic/Business.

    Verify on linear.app
    > Show 5 unconfirmed / not-held certifications
    CSA STAR (registry listing)
    NOT CONFIRMED

    Trust Center lists a self-assessment resource, 'CAIQ Lite Responses (September 2025)', which is a CSA questionnaire self-attestation, not a published CSA STAR registry entry. No listing for Linear/Linear Orbit found on the public CSA STAR registry.

    source: trust.linear.app
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    Trust Center lists an 'AI Security Overview (April 2026)' whitepaper resource, but no ISO 42001 certificate or ISMS-for-AI certification is listed anywhere on trust.linear.app or linear.app. No public evidence of ISO 42001 certification.

    source: trust.linear.app
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification on trust.linear.app, linear.app/security, or linear.app/docs/security. Linear does not directly process customer payment cards (billing is a separate function); no PCI attestation is published.

    source: trust.linear.app
    FedRAMP
    NOT CONFIRMED

    No FedRAMP authorization is referenced on Linear's own trust center or security pages, and Linear does not appear on the public FedRAMP Marketplace. No public evidence of FedRAMP authorization.

    source: trust.linear.app
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    Not listed among the Trust Center's compliance filters (ISO 27001:2022, SOC 2 Type II, GDPR, HIPAA only) or resources. No public evidence of these certifications.

    source: trust.linear.app

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Customer chooses workspace data region at creation: United States or European Union (per linear.app/docs/security).

    linear.app/ai states verbatim: 'Your information is never used to train AI models and remains secure at every step.' The DPA (linear.app/dpa, entity Linear Orbit, Inc., a Delaware corporation, signed May 31, 2025) lists AI model providers as Authorized Sub-Processors in Exhibit B — Anthropic PBC, OpenAI OpCo LLC, Cohere Inc, Fireworks AI Inc, and Braintrust Data Inc — used only to deliver AI features to the customer, and restricts Linear's own processing to purposes set out in the Agreement/Exhibit A. Note: the marketing 'no training' claim is clear and on-domain, but the DPA text sampled did not contain an explicit standalone 'sub-processors shall not train on Customer Data' clause, so enterprise buyers with strict requirements should request written confirmation.

    // Security controls

    Encryption in transit

    HTTPS enforced on all connections; TLS 1.2

    linear.app

    Encryption at rest

    AES 256-bit encryption for data at rest; databases encrypted at rest

    linear.app

    Data residency

    Selectable workspace region: United States or European Union

    linear.app

    Penetration testing

    External Penetration Test Report (October 2025) listed in Trust Center resources

    trust.linear.app

    Subprocessors disclosure

    Published subprocessor list in Trust Center (e.g. Google LLC, Cloudflare Inc., Datadog Inc., Sentry) and DPA Exhibit B, updated with change notifications

    trust.linear.app

    AI subprocessors

    Anthropic PBC, OpenAI OpCo LLC, Cohere Inc, Fireworks AI Inc, Braintrust Data Inc listed as authorized AI sub-processors in DPA Exhibit B

    linear.app

    Authentication (SSO/SAML/SCIM)

    Google SSO on Free/Basic; Google + SAML on Business; SAML and SCIM on Enterprise

    linear.app

    Audit logging & IP restrictions

    Audit log, IP restrictions, and domain claiming available on Enterprise plan only

    linear.app

    Business continuity / DR

    Continuity and Disaster Recovery plans established and tested (per Trust Center controls list)

    trust.linear.app

    Cyber insurance

    Cybersecurity insurance maintained (per Trust Center controls list); Certificate of Insurance (COI) published as a resource

    trust.linear.app

    // Products & data scope

    Linear (Free / Basic)Issue tracking / project management

    data: Team issue, project, and workspace data; Google SSO only

    No SAML/SCIM, no HIPAA BAA, no audit log or IP restrictions.

    Linear BusinessIssue tracking / project management

    data: Adds SAML SSO on top of Business-tier workspace data

    Still lacks SCIM, audit log, IP restrictions, and HIPAA BAA.

    Linear EnterpriseIssue tracking / project management (enterprise tier)

    data: Full workspace data plus SAML+SCIM, audit log, IP restrictions, domain claiming, custom terms/SLA

    Only tier eligible for a signed HIPAA BAA; the vendor's HIPAA posture applies solely to this tier.

    Linear AI features (Triage Intelligence, Linear Agents, Linear MCP)AI-assisted workflow automation

    data: Issue/project content routed to third-party AI model sub-processors (Anthropic, OpenAI, Cohere, Fireworks AI, Braintrust Data) solely to deliver the feature

    Vendor states customer data is not used to train AI models; relies on DPA Exhibit B sub-processor list.

    // What to watch

    • HIPAA compliance (BAA) is only available on the Enterprise plan — Free/Basic/Business customers are not covered and should not process PHI without upgrading and signing a BAA.
    • CSA STAR is not an independently verified registry listing for Linear; the Trust Center only offers a self-attested CAIQ Lite questionnaire response, so it is graded held=false to avoid over-claiming.
    • The DPA text reviewed did not contain an explicit standalone clause prohibiting AI sub-processors from training on Customer Data; the no-training commitment currently rests on the linear.app/ai marketing statement. Enterprise buyers with strict AI-data requirements should request written confirmation from Linear.
    • Do not conflate with similarly named but unrelated companies also indexed by search engines: LinearB (linearb.io, engineering analytics), Linear Health (linear.health), and Linear GmbH / linear.eu (German company) — none of these are Linear Orbit, Inc.'s certifications and were excluded from this assessment.

    // At a glance

    Pricing model

    Per-seat SaaS subscription (Free, Basic $10/user/mo, Business $16/user/mo, custom Enterprise), annual or monthly billing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Linear Orbit, Inc. (d/b/a Linear)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.linear.app

    > Browse all vendor trust reports