Auth0 Data Privacy and Compliance
Auth0 maintains and meets the requirements for multiple compliance frameworks and certifications. To download or request Auth0 compliance documentation, visit the Support Center. Auth0 will document additional compliance frameworks and certifications on this page when available.
|General Data Protection Regulation Compliance||What the General Data Protection Regulation (GDPR) is and Auth0's compliance with its requirements.|
|Data Processing||What data Auth0 stores and how it's used.|
Compliance & Certifications
Auth0 is GDPR ready. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.
HIPAA and HITECH
Auth0 is considered as a Business Associate as defined by the US HIPAA and HITECH legislation. For Auth0 customers who qualify as a Covered Entity under US HIPAA legislation and related legislation and regulations and who provide ePHI (electronic Protected Health Information) to Auth0 as part of the Auth0 user profile, Auth0 may qualify as a business associate. Auth0 can provide its Business Associate Agreement to you upon request. To learn more about HIPAA, read Health Information Privacy on hhs.gov. To learn more about HITECH, read HITECH Act Enforcement Final Rules on hhs.gov.
Auth0 is CSA STAR certified. You can see our CSA Consensus Assessments Initiative Questionnaire (CAIQ) in our Support Center. You can view our CAIQ and STAR Certificate in the CSA STAR Registry.
Auth0 undergoes an ISO 27001/27018 audit by an independent auditor annually. You can see our ISO 27001/27018 certificate in our Support Center. We can also share our Statement of Applicability (SOA) upon request with a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company. To request the SOA, please contact your assigned Technical Account Manager.
Auth0 offers PCI compliant environment deployment models. Our Attestation of Compliance (AOC) and/or Self Assessment Questionnaire (SAQ-D) is available upon request. Please contact your assigned Technical Account Manager to request these documents.
Auth0 undergoes a SOC 2 Type 2 audit by an independent auditor annually. The audit covers all 5 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality and Privacy). Please contact your assigned Technical Account Manager to request the SOC 2 report.
For information on compliance with technical specifications for authentication, please see our protocols documentation.