Auth0 Home Blog Docs

GDPR FAQ for Auth0 Customers


What security accreditations does Auth0 hold?

Auth0 has a SOC-2 Type 2 report, which is available under NDA. Additionally, Auth0 is currently undergoing ISO 27001:2013 certification. A certificate is targeted to be available in July 2018

I need Auth0 to sign a DPA, how do I get one signed?

A DPA is available to all Enterprise customers. For all Non-Enterprise, we updated their self-service terms and conditions on May 24, 2018. These terms incorporate all applicable GDPR requirements and do not require an additional DPA.

Where do you keep our data (country/jurisdiction)

The EMEA region is AWS Frankfurt with a secondary failover to AWS Dublin.

For how long do you keep our data?

Auth0’s default data retention policy will hold a customer’s customer data in backups for 14 months. Live data can be deleted from Auth0 at any point but will remain in backups for a further 14 months.

What do you do with our data specifically?

Auth0 only stores the data and will only access the data as part of the support process when required. Auth0 does not share any data with third parties other than the third parties we use to provide our service, these can be found here:

For further information please contact

closed #2