Compliance

Stytch is committed to trust and transparency. As such, we have a publicly available status site at which you can see the current status of our services, past incidents, as well as subscribe to updates.

Stytch is compliant with a range of industry standards and frameworks and can assist with your own security and regulatory needs:

• SOC 2 - Stytch maintains a SOC 2 type II report attesting to the company’s compliance with the AICPA’s Trust Service Criteria for Security, Availability, and Confidentiality.

• ISO 27001:2022 - Certified ISMS covering the management and operation of our information security program; certification announced publicly and maintained.

• HIPAA - Stytch is compliant with the Health Insurance Portability and Accountability Act as a business associate.

• GDPR & CCPA - Stytch complies with and is committed to helping customers comply with the General Data Protection Regulation (EU 2016/679 GDPR) and California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA). We’ve made enhancements to our services, processes, and contractual documents in order to help our customers meet their GDPR and CCPA compliance requirements.

• PCI - Stytch supports companies requiring PCI compliance for their vendors. Additionally, Stytch services can support companies with their own PCI requirements.

• EU‑U.S./UK/Swiss Data Privacy Framework - Stytch maintains certified participation for cross‑border transfers of personal data in accordance with the requirements of the EU‑U.S., UK, and Swiss Data Privacy Frameworks.