
Compliance and certifications

Ory is dedicated to maintaining the highest standards of data security to protect the personal data stored on behalf of our customers. To provide our customers with the assurance they need, Ory has engaged with internationally-recognized certification programs and adopted the best industry practices and technologies to keep our customers' data safe.

ISO 27001

Ory holds a certificate for ISO 27001:2013, which you can download for inspection. You can also verify the ISO 27001:2013 certification directly with our auditor. The ISO 27001 certification verifies that Ory has an information security management system (ISMS) in place to assure the confidentiality and integrity of your data. Our internal security team is dedicated to ensuring that Ory maintains the highest standards of data protection.

SOC 2 Type 2

Ory is SOC 2 Type 2 certified. SOC 2 is a framework for assessing the security, availability, processing integrity, confidentiality, and privacy of data in service organizations. It is not a standard but a certification that demonstrates that an organization's internal controls and processes meet specific criteria. The Type 2 designation indicates that an independent auditor has evaluated and tested these controls over a period of time (typically three months to a year) to ensure they are effectively implemented. Current and prospective customers interested in obtaining a copy of Ory’s latest SOC 2 report may contact our security team at [email protected].


GDPR

Ory Network was built with GDPR in mind, making it easy for our customers to respect the rights of data subjects. Ory supports the option of hosting personal data exclusively on EU-based servers, which is a key requirement of GDPR compliance. For more details, see GDPR compliance.

OpenID Connect

Ory OAuth2 and OpenID Connect (Ory Hydra) is OpenID certified and details of the certification can be viewed on the OpenID certification page. Ory is certified as an OpenID Provider, satisfying the following OpenID Connect Conformance Profiles: Basic OP, Implicit OP, Hybrid OP, Config OP, and Dynamic OP.