Secure, out of the box

We check all the boxes so you can focus on what you do best, building your app and serving your customers.

  • SOC 2 Type 2 certified
  • GDPR & CCPA compliant
  • Annual 3rd-party security penetration tests
  • External code audits

Frequently asked questions

Is WorkOS SOC 2 compliant?

Yes, WorkOS is SOC 2 Type 2 & SOC 3 compliant. Visit the Compliance Center in the WorkOS Dashboard to access reports.

Is WorkOS GDPR compliant?

Yes, WorkOS is GDPR compliant. Reach out to to request deletion of data.

Can WorkOS sign a HIPAA BAA?

Yes, WorkOS can sign business associate agreements for customers under enterprise plans.

What data do you store?

The data stored by WorkOS is limited to what is sent from the identity providers. For more information, view our Privacy Policy.

Is your data encrypted?

Yes, WorkOS provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).

Can you provide a pen test report?

The latest penetration test report can be provided to customers after signing an NDA. For more details, contact us.

Where can I find the list of data subprocessors?

You can navigate to WorkOS Subprocessors to see the most recent list of data subprocessors.

How can I report security issues?

We review security issues as soon as possible and you can report them by emailing

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.