Identity data is secure with Ory

Ory is committed to offering secure, privacy-focused products.

Examples of scalable Ory Network capabilities and dashboard metrics

How Ory Network Protects Identity Data

Ory takes extensive privacy, security, and compliance efforts to protect identity data

Experienced security experts

Ory's developers are trained on and adhere to secure coding standards, including applying OWASP Top 10 implementation guidance.

Committed to GDPR compliance

User privacy and security are our most important considerations when creating software. That's why we design our products in accordance with GDPR.

Industry-standard best practices

Ory follows best practices, including zero trust security, encryption, third-party penetration testing, vulnerability scanning, and others.

Compliance

ISO 27001 Certification Pending

Ory is in the process of obtaining ISO 27001 certification.

SOC2 Certification Pending

SOC 2 Type 1 and Type 2 attestation is underway.

Committed to GDPR Compliance

Ory Network products are designed in accordance with GDPR regulations.

EU Located Servers

Ory Network servers are located in the European Union and follow GDPR data protection principles.

Organizational Measures

Access Control

Ory implements the principle of least privilege and conducts regular access control audits.

Secure Software Development Processes

Code undergoes extensive review, testing, and analysis before integration.

Open Sourced Security

Ory's core servers are available as open source, facilitating in-depth scrutiny by a large community of developers and experts

Secure Cloud Deployment

Google Cloud Platform

Google Cloud Platform provides secure and scalable infrastructure that meets Orv's strict requirements and compliance needs.

Logging and Audit Trail

Ory uses logging in its cloud network. enabling forensic analysis of potential incidents.

Technical and Operational Measures

In Transit Encryption

Ory Network forces HTTPS for all services using TLS 1.2 or higher, including our public website and the Console to ensure secure connections.

At Rest Encryption

Any data stored by the Ory Network is encrypted at rest using industry best practice standard AES-256.

Password Encryption

Ory uses salted bcrypt to ensure passwords are stored securely.

Recoverability

Ory Network implements a backup strategy to ensure regular backups are created and stored in an encrypted fashion.

Network Protections

Network Traffic Verification

Ory Network uses Cloudflare for security services on the edge and within clusters including DNS, load balancing, rate limiting, geo-blocking, web application firewalls, edge caching, and DDoS protection.

DDoS Protection

Orv Network is secured using advanced denial-of-service and Web Application Firewall solutions on different layers of the Ory Network stack

Availability & Resiliency

Ory Network ensures all services and data are spread over different data centers and availability zones within them to maximize availability in the case of localized outages.

Vulnerability Management

Third Party Penetration Testing

Thirds party pen tests are conducted on a quarterly basis to ensure regular verification of our systems and procedures.

Bug Bounty

Orv's disclosure and reward program supports anyone who wants to increase the security of the Ory Network by conducting external pen testing.

Automated Vulnerability Scanning

Ory embedded vulnerability scan into the CI/CD pipelines and scans all containers built for deployment. In addition at runtime all containers running in our clusters are scanned continuously to report findings.

Get Started with the Ory Network Today

The Ory Network is a trusted provider of identity infrastructure. Designed for product teams, the Ory Network frees up time to deliver value-add features instead of rebuilding auth. The Ory Network includes unlimited seats and no credit card is required until ready to move to production.