Security, Privacy & Compliance

Working with Auth0 means working with a vetted, secure solution & partner who understands that you expect a return on your security investment.

  • ISO
  • SOC 2
  • GDPR
  • EU-US

Compliance

  • ISO27001

    Auth0 is ISO27001 certified by a third party, managing information security risk in such a way as to comply with a robust design, implementation and continuous monitoring framework.
  • SOC 2 Type II

    Auth0 has completed a full third-party SOC 2 Type II audit - an independent auditor has evaluated our product, infrastructure, and policies, and certifies that Auth0 complies with their stringent requirements.
  • ISO27018

    Auth0 is ISO27018 certified by a third party, complying with security and privacy guidelines for managing PII as a cloud service provider.
  • HIPAA BAA

    Auth0 offers HIPAA Business Associate Agreements (BAAs) to companies in the healthcare industry that must comply with HIPAA regulations for safeguarding patient privacy and sensitive health information.
  • EU-US Privacy Shield Framework

    Auth0 conforms with the brand-new EU-US Privacy Shield Framework for regulating privacy in data flows between the European Union and the United States. This Framework replaces the EU-US Safe Harbor Framework repudiated in 2015.

GDPR

As a company, Auth0 complies with the General Data Protection Regulation (GDPR). We take customer data privacy seriously, ensuring that:

  • Any usage of personal data is communicated with the proper consent.

  • All new vendors, assets and activities pertaining to processing personal data are subject to a review of privacy, security and compliance.

  • Personal data is properly collected, stored, and documented.

  • Relevant processes are followed for transfers of personal data outside the European Union.

For more information, see our privacy policies.

We also help our customers provide GDPR-compliant solutions to their end-users and customers.

Data Sovereignty

Our customers can deploy almost anywhere and can have an on-premises appliance, which means our customers can control where data is stored. For more information, refer to our compliance and security certifications.

Defense-in-depth

  • Product Security

  • Access Management

  • Security Monitoring

  • Endpoint protection

  • Incident Response

  • Vulnerability Management

  • Data encryption at-rest and in-transit

  • DDoS protection

Whitepaper

Auth0 Security Platform

Download

"We hadn't expected to be able to find a partner like Auth0 who would be so focused on security, proper authentication, and yet create a platform that's incredibly well-documented, easy to test, and is HIPAA compliant."

"AMD has seen a 50% time savings in identity-related development and has saved 200+ hours of annual operations time by using Auth0."

Narath Carlile, Chief Medical Information Officer

People

Meet our patent-holding CISO, Joan Pepin, who brings 20 years of experience to the role, as she shares her thoughts on:

Joan Pepin

CISO and VP of Operations

Joan is responsible for the holistic security, compliance and availability of Auth0's platform, products, and corporate environment. She brings 20 years of experience to the role, with a career that has spanned a wide variety of industries.

Contact Auth0's security team directly at:

  • PGP Key

    Download our PGP Key, which allows you to send us encrypted emails.
  • Report a Vulnerability

    Report in our vulnerability disclosure program.

Never Compromise on Identity