Platform Security

Last updated September 24, 2024

Security illustration

Developers using Convex are entrusting us with their most important assets—their users' data. Accordingly, security is of the utmost importance to our team.

Practices

Compliance

SOC 2 Type I compliant

Convex is SOC 2 Type I compliant, demonstrating our dedication to the highest security and privacy standards for your data's safe management, ensuring robust protection against unauthorized access and data breaches.

HIPAA compliant

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that was enacted in 1996 that requires the protection and confidential handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. Provided businesses subject to HIPAA sign Convex’s Business Associate Agreement they may process PHI on the platform.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection of and use of personal data of EU residents, and that allows data subjects to exercise control over their data. Convex complies with the GDPR in the delivery of our service to our customers and monitors our privacy program to ensure continuous compliance.

Convex is hosted on AWS, which is certified for SOC 2 Type II, ISO 9001, GDPR, HIPAA, FedRamp, and numerous other standards.

Vulnerability Disclosure Policy

If you believe you've discovered a bug in Convex's security, please get in touch at security@convex.dev and we'll get back to you within 24 hours. We request that you not publicly disclose the issue until we have had a chance to address it.

Start now

Get your project up and running in minutesGet started
©2024 Convex, Inc.