Secure, out of the box
We check all the boxes so you can focus on what you do best, building your app and serving your customers.
- SOC 2 Type 2 certified
- GDPR & CCPA compliant
- Annual 3rd-party security penetration tests
- External code audits
Frequently asked questions
Yes, WorkOS is SOC 2 Type 2 & SOC 3 compliant. Visit the Compliance Center in the WorkOS Dashboard to access reports.
Yes, WorkOS is GDPR compliant. Reach out to support@workos.com to request deletion of data.
Yes, WorkOS can sign business associate agreements for customers under enterprise plans.
The data stored by WorkOS is limited to what is sent from the identity providers. For more information, view our Privacy Policy.
Yes, WorkOS provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
The latest penetration test report can be provided to customers after signing an NDA. For more details, contact us.
You can navigate to WorkOS Subprocessors to see the most recent list of data subprocessors.
To report security issues, please refer to our Responsible Disclosure page.