Secure, out of the box

We check all the boxes so you can focus on what you do best, building your app and serving your customers.

  • SOC 2 Type 2 certified
  • GDPR & CCPA compliant
  • Annual 3rd-party security penetration tests
  • External code audits

Trusted by best-of-breeds to serve enterprises everywhere

Read the WorkOS Security white paper
Check your email
Oops! Something went wrong while submitting the form.

Enterprise-grade
security & privacy practices

  • Data encryption in transport and at rest

    Industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).
  • Built on trusted cloud architecture

    Hosted in the U.S. on cloud providers such as AWS that are SOC 2 and ISO 27001 certified.
  • Your data stays with you

    Use your existing database to store and manage user records. WorkOS does not sell customer data.

Frequently asked questions

Is WorkOS SOC2 compliant?
in progress

Yes, WorkOS is SOC2 Type 2 compliant. For more details or to access the report, contact us.

Is WorkOS GDPR compliant?
in progress

Yes, WorkOS is GDPR compliant, however we currently only support data residency in the United States.

Is WorkOS HIPAA and ISO compliant?
in progress

WorkOS is actively pursuing HIPAA and ISO 27001 certifications. For more details, contact us.

What data do you store?
in progress

The data stored by WorkOS is limited to what is sent from the identity providers. For more information, view our Privacy Policy.

Is your data encrypted?
in progress

Yes, WorkOS provides industry-standard encryption at rest (AES-256) and in transit (HTTPS/TLS).

Can you provide a pen test report?
in progress

The latest penetration test report can be provided to customers after signing an NDA. For more details, contact us.

Where can I find the list of data subprocessors?
in progress

You can navigate to WorkOS Subprocessors to see the most recent list of data subprocessors.

How can I report security issues?
in progress

We review security issues as soon as possible and you can report them by emailing [email protected].

This site uses cookies to improve your experience. Please accept the use of cookies on this site. You can review our cookie policy here and our privacy policy here. If you choose to refuse, functionality of this site will be limited.