Security and Compliance

Your auth is secure with us

Our team brings decades of security experience to the authentication and identity space. Security is hardwired into every Descope process so you can focus on what you do best.

  • SOC 2 Type 2 certified

  • FIDO certified

  • ISO 27001 certified

  • Multi-region data residency

HeroB2C Icon

Compliant with all major regulations

SOC 2 Logo
ISO 27001 SVG Logo 1
FIDO Alliance Logo
HIPAA Compliant
GDPR compliant logo 1
CSA Star Level 2 Logo White 1 SVG

Enterprise-grade product security

Security Built-In

Security is baked into every part of our platform. Stay protected against SQL injection, clickjacking, and OWASP Top 10 attacks.

Data Encryption

We use HSTS (HTTP Strict Transport Policy) to prevent man-in-the-middle attacks. We use TLS encryption to ensure all communications are secure.

Secure Defaults

Descope comes pre-configured without skimping on security. All defaults chosen for our customers are both secure and usable to give end users a great experience.

Make Informed Decisions

You know your app best. We allow you to change parameters to tweak the level of desired security for your authentication process (e.g. expiration limits, session lengths).

Frequently asked questions

Useful links

Privacy Policy

Learn how we handle user and prospect data.

Terms of Use

Read the terms and conditions of using our authentication platform.

Data Processing Addendum

Read our DPA tied to the terms of use.