← All providers

Auth0

AuthMedium RiskVerified 2026-03-05
Visit website
Overview
HeadquartersπŸ‡ΊπŸ‡Έ USBellevue
Parent CompanyOkta(πŸ‡ΊπŸ‡Έ US)
US IncorporatedYes
CLOUD Act ExposureYes
InfrastructureAmazon Web Services
Regions (4 in 4 countries)
πŸ‡ΊπŸ‡Έ US
US Β· Ashburn
πŸ‡©πŸ‡ͺ DE
EU Frankfurt Β· Frankfurt
πŸ‡¦πŸ‡Ί AU
AU Sydney Β· Sydney
πŸ‡―πŸ‡΅ JP
JP Tokyo Β· Tokyo
Compliance & Data

Certifications

βœ“ SOC 2βœ“ ISO 27001βœ“ GDPRβœ“ HIPAAβœ“ PCI DSS

Data Types Handled

Auth DataPII
Applicable Laws (6)

Applies to businesses meeting revenue or data volume thresholds that handle California residents' data.

Max fine: USD 7,500 per intentional violationvia πŸ‡ΊπŸ‡Έ US
CLOUD ActUnited States

Any US-incorporated provider or subsidiary may be compelled to disclose data regardless of where it is stored.

Max fine: Contempt of court penaltiesvia πŸ‡ΊπŸ‡Έ US

Cross-border transfers require consent or equivalent protection standards recognized by Japan's PPC.

Max fine: JPY 100M for corporate violationsvia πŸ‡―πŸ‡΅ JP

Cross-border transfers to non-adequate countries require SCCs, BCRs, or other safeguards.

Max fine: 4% of global annual turnover or EUR 20Mvia πŸ‡©πŸ‡ͺ DE
FISA Section 702United States

US providers may be subject to surveillance orders targeting non-US persons, creating risk for EU data subjects.

Max fine: Contempt of court penaltiesvia πŸ‡ΊπŸ‡Έ US

Organizations must take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs.

Max fine: AUD 50M or 30% of adjusted turnover (whichever is greater)via πŸ‡¦πŸ‡Ί AU