Compliance

Last updated: December 23, 2025

AuthOS is designed to help you meet your regulatory and compliance requirements. We implement robust controls and undergo regular audits to maintain the highest standards of data protection.

Certifications & Standards

SOC 2 Type II

Status: In Progress

We are actively working toward SOC 2 Type II certification, which validates our security, availability, and confidentiality controls.

GDPR

Status: Compliant

AuthOS is fully compliant with the General Data Protection Regulation (GDPR) for handling personal data of EU residents.

Our GDPR commitments:

  • Data Processing Agreement (DPA) available for all customers
  • Right to access, rectify, and delete personal data
  • Data portability support
  • Privacy by design principles
  • 72-hour breach notification
  • Data residency options (EU hosting available)

CCPA

Status: Compliant

We comply with the California Consumer Privacy Act (CCPA) requirements for California residents.

HIPAA

Status: Available (Enterprise)

HIPAA compliance is available for healthcare customers on our Enterprise plan with a signed Business Associate Agreement (BAA).

Data Protection

Data Residency

Choose where your data is stored:

Region            Availability
United States     Available
European Union    Available
Asia Pacific      Coming Soon

Data Retention

  • Authentication logs: 90 days (configurable)
  • Audit logs: 1 year (Enterprise: configurable)
  • Deleted user data: Purged within 30 days

Encryption

  • In Transit: TLS 1.3
  • At Rest: AES-256
  • Key Management: HSM-backed

Audit Logs

AuthOS provides comprehensive audit logging for compliance:

  • User authentication events
  • Administrative actions
  • Configuration changes
  • API access logs
  • Security events

Logs can be exported to your SIEM or log management system.

Vendor Security

Subprocessors

We carefully vet all subprocessors. A current list is available upon request and included in our DPA.

Third-Party Audits

  • Annual penetration testing by independent security firms
  • Regular vulnerability assessments
  • Continuous dependency monitoring

Compliance Resources

Documentation

Document                    Description
Data Processing Agreement   GDPR-compliant DPA
Security Whitepaper         Detailed security architecture
SOC 2 Report                Available upon request (when certified)
Penetration Test Summary    Available under NDA

Request Documents

Contact our compliance team to request compliance documentation.

Your Compliance

AuthOS helps you meet your compliance obligations with:

  • Access Controls: Role-based permissions, SSO enforcement
  • MFA Enforcement: Require multi-factor authentication
  • Audit Trails: Complete authentication history
  • Data Export: GDPR-compliant data portability
  • User Management: SCIM provisioning support

Contact

For compliance inquiries: