Security and Compliance
Your auth is secure with us
Our team brings decades of security experience to the authentication and identity space. Security is hardwired into every Descope process so you can focus on what you do best.
SOC 2 Type 2 certified
ISO 27001 certified
Regular external security penetration tests
Enterprise-grade product security
Security is baked into every part of our platform. Stay protected against SQL injection, clickjacking, and OWASP Top 10 attacks.
We use HSTS (HTTP Strict Transport Policy) to prevent man-in-the-middle attacks. We use TLS encryption to ensure all communications are secure.
Descope comes pre-configured without skimping on security. All defaults chosen for our customers are both secure and usable to give end users a great experience.
You know your app best. We allow you to change parameters to tweak the level of desired security for your authentication process (e.g. expiration limits, session lengths).
Frequently asked questions
Learn how we handle user and prospect data.
Read the terms and conditions of using our authentication platform.
Data Processing Addendum