Stytch is committed to trust and transparency. As such, we have a publicly available status site at which you can see the current status of our services and past incidents, as well as subscribe to updates.

Stytch is compliant with a range of industry standards and frameworks and can assist with your own security and regulatory needs:
  • SOC 2 - Stytch maintains a SOC 2 Type II report attesting to the company’s compliance with the AICPA’s Trust Services Criteria for Security, Availability, and Confidentiality.
  • ISO 27001:2022 - Stytch maintains a certified ISMS covering the management and operation of our information security program; the certification has been announced publicly and is maintained.
  • HIPAA - Stytch is compliant with the Health Insurance Portability and Accountability Act as a business associate.
  • GDPR & CCPA - Stytch complies with and is committed to helping customers comply with the General Data Protection Regulation (EU 2016/679 GDPR) and California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA). We’ve made enhancements to our services, processes, and contractual documents in order to help our customers meet their GDPR and CCPA compliance requirements.
  • PCI - Stytch supports companies requiring PCI compliance for their vendors. Additionally, Stytch services can support companies with their own PCI requirements.
  • EU-U.S./UK/Swiss Data Privacy Framework - Stytch maintains certified participation for cross-border transfers of personal data in accordance with the requirements of the EU-U.S., UK, and Swiss Data Privacy Frameworks.