Secure, out of the box
We check all the boxes so you can focus on what you do best, building your app and serving your customers.
- SOC 2 Type 2 certified
- GDPR & CCPA compliant
- Annual 3rd-party security penetration tests
- External code audits
Trusted by best-of-breeds to serve enterprises everywhere
security & privacy practices
Data encryption in transport and at restIndustry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
Built on trusted cloud architectureHosted in the U.S. on cloud providers such as AWS that are SOC 2 and ISO 27001 certified.
Your data stays with youUse your existing database to store and manage user records. WorkOS does not sell customer data.
Frequently asked questions
Yes, WorkOS is SOC 2 Type 2 compliant. For more details or to access the report, contact us.
Yes, WorkOS is GDPR compliant, however we currently only support data residency in the United States.
WorkOS is actively pursuing HIPAA and ISO 27001 certifications. For more details, contact us.
Yes, WorkOS provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
The latest penetration test report can be provided to customers after signing an NDA. For more details, contact us.
You can navigate to WorkOS Subprocessors to see the most recent list of data subprocessors.
We review security issues as soon as possible and you can report them by emailing [email protected].