Auth0 Compliance and Certifications
Auth0 maintains and meets the requirements for multiple compliance frameworks and certifications. To download or request Auth0 compliance documentation, go to Support Center. Auth0 will document additional compliance frameworks and certifications on this page when available.
Auth0 is GDPR ready. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.
Auth0 is certified under the Privacy Shield Program, specifically the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
HIPAA and HITECH
Auth0 is considered as a Business Associate as defined by the US HIPAA and HITECH legislation. For Auth0 customers who qualify as a Covered Entity under US HIPAA legislation and related legislation and regulations and who provide ePHI (electronic Protected Health Information) to Auth0 as part of the Auth0 user profile, Auth0 may qualify as a business associate. Auth0 can provide its Business Associate Agreement to you upon request.
Auth0 is CSA STAR certified. Auth0's CSA Consensus Assessments Initiative Questionnaire (CAIQ) is available in our Support Center. You can also view our CAIQ and STAR Certificate in the CSA STAR Registry.
Auth0 undergoes an ISO 27001/27018 audit by an independent auditor annually. Our ISO 27001/27018 certificate is available in our Support Center. We can also share our Statement of Applicability (SOA) upon request with a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company. To request the SOA, please contact your assigned Technical Account Manager.
PCI certification is available as an add-on for Auth0's Private Cloud deployment model. Auth0 undergoes a PCI audit by an independent auditor annually. Our Attestation of Compliance (AOC) is available upon request. To request the AOC, please contact your assigned Technical Account Manager.
For information on compliance with technical specifications for authentication, please see our protocols documentation.