/
Contact usSee pricingStart building
    Introduction
    Support
      Overview
    Message deliverability
      Overview
      Email troubleshooting
      SMS and WhatsApp troubleshooting
    Platform
      Account enumeration
      Supported browsers
      IP validation
      Rate limits
      App store reviews
      User locks
    Security & trust
      Security
      Privacy
      Compliance
    Glossary
Get support on SlackVisit our developer forum

Contact us

Home

/

Resources

/

Security & trust

/

Compliance

Compliance

Stytch is committed to trust and transparency. As such, we have a publicly available status site at which you can see the current status of our services, past incidents, as well as subscribe to updates.

Stytch is compliant with a range of industry standards and frameworks and can assist with your own security and regulatory needs:

  • SOC 2 - Stytch maintains a SOC 2 type II report attesting to the company’s compliance with the AICPA’s Trust Service Criteria for Security, Availability, and Confidentiality.

  • ISO 27001:2022 - Certified ISMS covering the management and operation of our information security program; certification announced publicly and maintained.

  • HIPAA - Stytch is compliant with the Health Insurance Portability and Accountability Act as a business associate.

  • GDPR & CCPA - Stytch complies with and is committed to helping customers comply with the General Data Protection Regulation (EU 2016/679 GDPR) and California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA). We’ve made enhancements to our services, processes, and contractual documents in order to help our customers meet their GDPR and CCPA compliance requirements.

  • PCI - Stytch supports companies requiring PCI compliance for their vendors. Additionally, Stytch services can support companies with their own PCI requirements.

  • EU‑U.S./UK/Swiss Data Privacy Framework - Stytch maintains certified participation for cross‑border transfers of personal data in accordance with the requirements of the EU‑U.S., UK, and Swiss Data Privacy Frameworks.