Compliance

Last updated: February 10, 2026

AuthOS provides the technical controls you need to meet your regulatory and compliance requirements. As a self-hosted solution, you maintain full control over your compliance posture.

Certifications & Standards

SOC 2 Type II

Status: Ready

AuthOS is built with the audit logging, access controls, and security features needed for your own SOC 2 compliance.

GDPR

Status: Compliant

AuthOS provides the tools you need to meet GDPR requirements for user data management.

Our GDPR commitments:

  • Tools for Right to Access, Rectify, and Delete
  • Data portability support
  • Privacy by design architecture

CCPA

Status: Compliant

Our data management features support CCPA compliance workflows.

HIPAA

Status: Capable

AuthOS is designed with HIPAA requirements in mind. When self-hosting, you maintain full control over protected health information (PHI).

Data Protection

Data Residency

Choose where your data is stored:

Region         Availability
Self-Hosted    Global

Data Retention

  • Authentication logs: 90 days (configurable)
  • Audit logs: 1 year (configurable)
  • Deleted user data: Purged within 30 days

Encryption

  • In Transit: TLS 1.3
  • At Rest: AES-256
  • Key Management: HSM-backed

Audit Logs

AuthOS provides comprehensive audit logging for compliance:

  • User authentication events
  • Administrative actions
  • Configuration changes
  • API access logs
  • Security events

Logs can be exported to your SIEM or log management system.

Security Assurance

Code Security

We maintain a rigorous security posture for the AuthOS codebase.

  • Dependency Monitoring: Automated scanning for vulnerable dependencies (Dependabot/Renovate).
  • Static Analysis: Continuous linting and SAST in CI/CD pipelines.
  • Memory Safety: Written in Rust to eliminate entire classes of memory safety vulnerabilities.

External Validation

  • Security audits by independent researchers
  • Public bug bounty program (coming soon)
  • Transparent security disclosures

Documentation

Document                 Description
Security Architecture    Detailed security design
Encryption Specs         Cryptographic implementation details
API Reference            Security-related API endpoints

Learn More

Visit our documentation to learn how to configure AuthOS for compliance:

Security Documentation

Your Compliance

AuthOS helps you meet your compliance obligations with:

  • Access Controls: Role-based permissions, SSO enforcement
  • MFA Enforcement: Require multi-factor authentication
  • Audit Trails: Complete authentication history
  • Data Export: GDPR-compliant data portability
  • User Management: SCIM provisioning support

Contact

For compliance inquiries: