Auth0 Data Privacy and Compliance

Auth0 Data Privacy and Compliance

Auth0 maintains and meets the requirements for multiple compliance frameworks and certifications. To download or request Auth0 compliance documentation, visit the Support Center. Auth0 will document additional compliance frameworks and certifications on this page when available.

Read... To learn...                                
General Data Protection Regulation Compliance What the General Data Protection Regulation (GDPR) is and Auth0's compliance with its requirements.
Data Processing What data Auth0 stores and how it's used.

Compliance & Certifications

GDPR

Auth0 is GDPR ready. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.

HIPAA and HITECH

Auth0 is considered as a Business Associate as defined by the US HIPAA and HITECH legislation. For Auth0 customers who qualify as a Covered Entity under US HIPAA legislation and related legislation and regulations and who provide ePHI (electronic Protected Health Information) to Auth0 as part of the Auth0 user profile, Auth0 may qualify as a business associate. Auth0 can provide its Business Associate Agreement to you upon request. To learn more about HIPAA, read Health Information Privacy on hhs.gov. To learn more about HITECH, read HITECH Act Enforcement Final Rules on hhs.gov.

CSA STAR

Auth0 is CSA STAR certified. You can see our CSA Consensus Assessments Initiative Questionnaire (CAIQ) in our Support Center. You can view our CAIQ and STAR Certificate in the CSA STAR Registry.

ISO 27001/27018

Auth0 undergoes an ISO 27001/27018 audit by an independent auditor annually. You can see our ISO 27001/27018 certificate in our Support Center. We can also share our Statement of Applicability (SOA) upon request with a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company. To request the SOA, please contact your assigned Technical Account Manager.

PCI DSS

Auth0 offers PCI compliant environment deployment models. Our Attestation of Compliance (AOC) and/or Self Assessment Questionnaire (SAQ-D) is available upon request. Please contact your assigned Technical Account Manager to request these documents.

SOC2

Auth0 undergoes a SOC 2 Type 2 audit by an independent auditor annually. The audit covers all 5 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality and Privacy). Please contact your assigned Technical Account Manager to request the SOC 2 report.

Specifications

For information on compliance with technical specifications for authentication, please see our protocols documentation.

Learn more