Last updated September 24, 2024
Developers using Convex are entrusting us with their most important assets—their users' data. Accordingly, security is of the utmost importance to our team.
Convex is SOC 2 Type I compliant, demonstrating our dedication to the highest security and privacy standards for the safe management of your data and robust protection against unauthorized access and data breaches.
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law, enacted in 1996, that requires the protection and confidential handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. Provided that businesses subject to HIPAA sign Convex’s Business Associate Agreement, they may process PHI on the platform.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection and use of personal data of EU residents and allows data subjects to exercise control over their data. Convex complies with the GDPR in the delivery of our service to our customers and monitors our privacy program to ensure continuous compliance.
Convex is hosted on AWS, which is certified for SOC 2 Type II, ISO 9001, GDPR, HIPAA, FedRAMP, and numerous other standards.
If you believe you've discovered a bug in Convex's security, please get in touch at security@convex.dev and we'll get back to you within 24 hours. We request that you not publicly disclose the issue until we have had a chance to address it.