Auth0 Data Privacy and Compliance

Auth0 Data Privacy and Compliance

Auth0 maintains and meets the requirements for multiple compliance frameworks and certifications. To download or request Auth0 compliance documentation, visit the Support Center. Auth0 will document additional compliance frameworks and certifications on this page when available.

Read... To learn...                                
General Data Protection Regulation Compliance What the General Data Protection Regulation (GDPR) is and Auth0's compliance with its requirements.
Data Processing What data Auth0 stores and how it's used.

Compliance & Certifications


Auth0 is GDPR ready. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.


Auth0 is considered as a Business Associate as defined by the US HIPAA and HITECH legislation. For Auth0 customers who qualify as a Covered Entity under US HIPAA legislation and related legislation and regulations and who provide ePHI (electronic Protected Health Information) to Auth0 as part of the Auth0 user profile, Auth0 may qualify as a business associate. Auth0 can provide its Business Associate Agreement to you upon request. To learn more about HIPAA, read Health Information Privacy on To learn more about HITECH, read HITECH Act Enforcement Final Rules on


Auth0 is CSA STAR certified. You can review the CSA Consensus Assessments Initiative Questionnaire (CAIQ) in Auth0 Support Center. You can view our CAIQ and STAR Certificate in the CSA STAR Registry.

ISO 27001/27018

Auth0 undergoes an ISO 27001/27018 audit by an independent auditor annually. You can see our ISO 27001/27018 certificate in our Support Center. We can also share our Statement of Applicability (SOA) upon request with a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company. To request the SOA, please contact your assigned Technical Account Manager or Account Executive.


Auth0 offers PCI compliant environment deployment models. Our Attestation of Compliance (AOC) and/or Self Assessment Questionnaire (SAQ-D) is available upon request. For a copy of these documents, log in to Auth0 Support Center and select the Compliance option.


Auth0 undergoes a SOC 2 Type 2 audit by an independent auditor annually. The audit covers all 5 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality and Privacy). Log in to Auth0 Support Center and select the Compliance option for a copy of the SOC 2 report.


For information on compliance with technical specifications for authentication, please see our protocols documentation.

Learn more

Was this article helpful?