Compliance

Stytch is committed to trust and transparency. As such, we maintain a publicly available status site where you can see the current status of our services and past incidents, as well as subscribe to updates.

Stytch is compliant with a range of industry standards and frameworks and can assist with your own security and regulatory needs:

  • SOC 2 Trust Service Criteria - Stytch maintains a SOC 2 type II report attesting to the company’s compliance with the AICPA’s Trust Service Criteria for Security, Availability, and Confidentiality.

  • ISO 27001 - Stytch maintains certification for the management and operation of an information security management system in conformance with the ISO 27001 standard.

  • HIPAA - Stytch is compliant with the Health Insurance Portability and Accountability Act as a business associate.

  • GDPR & CCPA - Stytch complies with and is committed to helping customers comply with the General Data Protection Regulation (EU 2016/679 GDPR) and California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA). We’ve made enhancements to our services, processes, and contractual documents in order to help our customers meet their GDPR and CCPA compliance requirements.

  • PCI - Stytch supports companies requiring PCI compliance for their vendors. Additionally, Stytch services can support companies with their own PCI requirements.

  • PSD2 - Stytch services can help you meet PSD2 and strong customer authentication requirements.