Auth0 is certified under the Privacy Shield Program, specifically the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. You can find further details on our Privacy page.
Auth0 is considered a Business Associate as defined by the US HIPAA and HITECH legislation.
When an Auth0 customer qualifies as a Covered Entity under US HIPAA and related legislation and regulations, and provides ePHI (electronic Protected Health Information) to Auth0 as part of the Auth0 user profile, Auth0 may qualify as a Business Associate. Auth0 can provide its Business Associate Agreement to such customers upon request.
Auth0 undergoes a SOC 2 Type II audit by an independent auditor annually. This audit covers our product, infrastructure, and policies. The SOC 2 Type II Audit Report is available to enterprise-level customers upon request, subject to a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company.
Auth0 is working toward GDPR readiness. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.
Auth0 will document additional compliance frameworks and certifications on this page when available.
For information on compliance with technical specifications for authentication, please see Protocols.