ComplianceCheckup

Is Auth0 GDPR Compliant?

Auth0 privacy and compliance overview. Last scanned: 1 month ago.

Auth0 scored 73/100 (grade C), with 4 passing signals and 3 areas needing attention. Top area to address: CCPA/CPRA partial: "Do Not Sell or Share" link detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. This is an automated technical assessment, not a legal compliance certification.

Privacy and compliance score: C (73/100)

Scanned May 17, 2026 in fetch mode.

Security headers

0/10

4 security headers missing: Strict-Transport-Security (max-age >= 31536000), Content-Security-Policy, X-Content-Type-Options: nosniff, X-Frame-Options (or CSP frame-ancestors).

CCPA / CPRA disclosures

3/8

CCPA/CPRA partial: "Do Not Sell or Share" link detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance.

Privacy policy

6/10

Privacy policy found but may be incomplete or outdated.

Cookie consent banner

12/12

No tracking detected: consent banner not required.

Accessibility (WCAG 2.x AA)

7/15

Accessibility scan unavailable in fetch mode.

COPPA signal

5/5

No COPPA language detected.

Pre-consent tracking

23/23

No third-party trackers detected before consent.

DPA and sub-processor list

7/7

DPA reference and sub-processor list both found.

AI training stance

5/5

AI training opt-out disclosure found in privacy policy.

Hosting region disclosure

5/5

Data hosting region disclosed in privacy policy.

Does Auth0 self-report SOC 2, HIPAA, or PCI compliance?

The following is based on Auth0's public documentation. ComplianceCheckup has not independently audited these claims.

Standard: Status
SOC 2: Type II certified
HIPAA: Not publicly documented for Auth0
PCI DSS: Not publicly documented for Auth0
GDPR: See scan results above
CCPA: See scan results above

Frequently asked questions about Auth0 compliance

Is Auth0 GDPR compliant?

Auth0 received a privacy grade of C (73/100) in our automated scan. 4 security headers missing: Strict-Transport-Security (max-age >= 31536000), Content-Security-Policy, X-Content-Type-Options: nosniff, X-Frame-Options (or CSP frame-ancestors). For a complete GDPR assessment, consult a qualified privacy professional.

Does Auth0 offer a Data Processing Agreement (DPA)?

Yes. Auth0 provides a DPA linked in the Legal documents section above. Review it carefully and sign before transferring personal data.

Is Auth0 SOC 2 certified?

Auth0 holds a SOC 2 Type II certification.

What are Auth0's biggest privacy risks?

Based on our automated scan, the top areas of concern are: CCPA / CPRA disclosures, Security headers, Privacy policy. CCPA/CPRA partial: "Do Not Sell or Share" link detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. These findings are automated and may not capture all risks.

How does Auth0 handle CCPA?

CCPA/CPRA partial: "Do Not Sell or Share" link detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. CCPA requires businesses handling California residents' data to disclose data practices, honor opt-out requests, and support the Global Privacy Control (GPC) signal. Our scan checks for GPC support and CCPA-relevant cookie disclosures.

Not legal advice. The scan grade is an automated technical assessment and does not constitute legal or compliance advice. Self-reported claims have not been independently verified. Results may contain false positives or miss issues that cannot be detected programmatically. Consult a qualified attorney or compliance professional for your specific situation.