# Auth0 Data Privacy and Compliance

Auth0 maintains and meets the requirements for multiple compliance frameworks and certifications. To download or request Auth0 compliance documentation, [visit the Support Center](https://support.auth0.com/center/s/compliance). Auth0 will document additional compliance frameworks and certifications on this page when available.

| Read...                                                                                        | To learn...                                                                                         |
| ---------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
| [General Data Protection Regulation Compliance](/docs/secure/data-privacy-and-compliance/gdpr) | What the General Data Protection Regulation (GDPR) is and Auth0's compliance with its requirements. |
| [Data Processing](/docs/secure/data-privacy-and-compliance/data-processing)                    | What data Auth0 stores and how it's used.                                                           |

## Compliance & Certifications

### FAPI

Auth0 supports the technical requirements of [FAPI](https://openid.net/wg/fapi/) (Financial-grade API), a set of advanced security profiles specified by the <Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OpenID">OpenID</Tooltip> Foundation. FAPI adds stricter security requirements, for industries and scenarios that need more protection than a standard <Tooltip tip="OAuth 2.0: Authorization framework that defines authorization protocols and workflows." cta="View Glossary" href="/docs/glossary?term=OAuth+2.0">OAuth 2.0</Tooltip> or OpenID Connect (OIDC) implementation provides.

Auth0 is a certified FAPI OpenID Provider for the following two profiles:

* FAPI 1 Advanced OP with mTLS, PAR
* FAPI 1 Advanced OP with Private Key <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JWT">JWT</Tooltip>, PAR

For more information, see [FAPI OpenID Providers (OP) & Profiles](https://openid.net/certification/#FAPI-OP-P).

To understand how we incorporated FAPI capabilities into Auth0, see [Highly Regulated Identity](/docs/secure/highly-regulated-identity).

### GDPR

Auth0 is GDPR ready. Auth0 provides information to its customers to help them understand how features and functionality of the Auth0 platform may affect their GDPR compliance obligations.

### HIPAA and HITECH

Auth0 is considered a **Business Associate** as defined by the US HIPAA and HITECH legislation. Auth0 may qualify as a Business Associate for customers who qualify as a **Covered Entity** under US HIPAA legislation and related legislation and regulations, and who provide electronic Protected Health Information (ePHI) to Auth0 as part of the Auth0 user profile. Auth0 can provide its **Business Associate Agreement** to you upon request. To learn more about HIPAA, read [Health Information Privacy on hhs.gov](https://www.hhs.gov/hipaa/index.html). To learn more about HITECH, read [HITECH Act Enforcement Final Rules on hhs.gov](https://www.hhs.gov/hipaa/for-professionals/special-topics/HITECH-act-enforcement-interim-final-rule/index.html). HIPAA compliance is not available on Azure deployments.

### CSA STAR

Auth0 is CSA STAR certified. You can review our completed CSA Consensus Assessments Initiative Questionnaire (CAIQ) and our STAR certificates in the [CSA STAR Registry](https://cloudsecurityalliance.org/star/registry/auth0/).

### ISO 27001/27017/27018

Auth0 undergoes an ISO 27001/27017/27018 audit by an independent auditor annually. To request access to our ISO 27001/27017/27018 certificate, log in to [Auth0 Support Center](http://support.auth0.com) and select the **Compliance** option. We can also share our Statement of Applicability (SOA) upon request with a non-disclosure agreement (NDA) signed by a corporate officer authorized to represent the company. To request the SOA, please contact your account team.

### PCI DSS

Auth0 offers PCI DSS-compliant environment deployment models. Our Attestation of Compliance (AOC) and/or Self-Assessment Questionnaire (SAQ-D) is available upon request. For a copy of these documents, log in to [Auth0 Support Center](http://support.auth0.com) and select the **Compliance** option.

### Payment Services Directive 2 (PSD2)

We provide the capabilities for customers to build an end-to-end user journey that includes Strong Customer Authentication (SCA) and Dynamic Linking, which presents the details of the specific transaction to the end user for explicit approval. For more information, read [Highly Regulated Identity](/docs/secure/highly-regulated-identity).

### SOC 2

Auth0 undergoes a SOC 2 Type 2 audit by an independent auditor annually. The audit covers all 5 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality and Privacy). For a copy of the SOC 2 report, log in to [Auth0 Support Center](http://support.auth0.com) and select the **Compliance** option.

## Specifications

For information on compliance with technical specifications for authentication, please see our [Protocols](/docs/authenticate/protocols) documentation.

## Learn more

* [Auth0 General Data Protection Regulation Compliance](/docs/secure/data-privacy-and-compliance/gdpr)
* [Auth0 Data Processing](/docs/secure/data-privacy-and-compliance/data-processing)
