Stormpath Compliance Certifications


HIPAA Compliance Support

Stormpath enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the Stormpath secure authentication and user management service to process, maintain, and store protected health information. Stormpath is able to sign business associate agreements (BAAs) with such customers.


SOC 2 Compliance

Stormpath has achieved SOC 2 certification based upon the results of a rigorous and detailed examination by independent third-party auditors. The auditors evaluated the suitability of the design of controls related to the security principle set forth by the AICPA, and found that Stormpath’s controls met the standard for SOC 2 certification in all material respects. To request a copy of Stormpath’s SOC 2 report, please email [email protected]


EU-US Privacy Shield Compliance

Stormpath complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Stormpath has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view our certification page, please visit

In compliance with the EU-US Privacy Shield Principles, Stormpath commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact [email protected] or

Stormpath, Inc.
1825 S Grant Street, Ste 450
San Mateo, CA 94402
Attn: Compliance Dept.