RealtimeKeep your app up to date
AuthenticationOver 80+ OAuth integrations
Convex Components
ComponentsIndependent, modular, TypeScript building blocks for your backend.
Open sourceSelf host and develop locally
AI CodingGenerate high quality Convex code with AI
Compare
Convex vs. Firebase
Convex vs. Supabase
Convex vs. SQL
DocumentationGet started with your favorite frameworks
SearchSearch across Docs, Stack, and Discord
TemplatesUse a recipe to get started quickly
Convex for StartupsStart and scale your company with Convex
Convex ChampionsAmbassadors that support our thriving community
Convex CommunityShare ideas and ask for help in our community Discord
Stack
Stack

Stack is the Convex developer portal and blog, sharing bright ideas and techniques for building with Convex.

Explore Stack
BlogDocsPricing
GitHub
Log inStart building

Platform Security

Last updated September 24, 2024

Security illustration

Developers using Convex are entrusting us with their most important assets—their users' data. Accordingly, security is of the utmost importance to our team.

Practices

  • All customer data (source code, databases, file storage, search indexes) are encrypted at rest using industry-standard 256-bit AES.
  • All data in transit, both internally and externally, are encrypted using standard algorithms like TLS and SSH.
  • Each customer database is isolated with random and unique credentials.
  • Convex utilizes audited access control management systems for granting production access to limited and necessary personnel.
  • All critical internal systems utilize MFA for account security.
  • No customer project data are publicly accessible unless explicitly exposed by customer-authored functions.
  • Convex employs automated vulnerability scanning and intrusion detection within its infrastructure.
  • Our platform conducts third party penetration tests at least annually.
  • Third party systems Convex uses for platform services are audited at least annually for SOC 2 Type II compliance.
  • Convex uses Stripe, a certified PCI Service Provider Level 1, for payment processing.

Compliance

SOC 2 Type II compliant

Convex is SOC 2 Type II compliant, demonstrating our dedication to the highest security and privacy standards for your data's safe management, ensuring robust protection against unauthorized access and data breaches.

HIPAA compliant

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that was enacted in 1996 that requires the protection and confidential handling of protected health information (PHI) by covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. Provided businesses subject to HIPAA sign Convex’s Business Associate Agreement they may process PHI on the platform.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection of and use of personal data of EU residents, and that allows data subjects to exercise control over their data. Convex complies with the GDPR in the delivery of our service to our customers and monitors our privacy program to ensure continuous compliance.

Convex is hosted on AWS, which is certified for SOC 2 Type II, ISO 9001, GDPR, HIPAA, FedRamp, and numerous other standards.

Vulnerability Disclosure Policy

If you believe you've discovered a bug in Convex's security, please get in touch at security@convex.dev and we'll get back to you within 24 hours. We request that you not publicly disclose the issue until we have had a chance to address it.

Get your app up and running in minutes
Start building
Convex logo
ProductSyncRealtimeAuthOpen sourceAI codingChefFAQPricing
DevelopersDocsBlogComponentsTemplatesStartupsChampionsChangelogPodcastLLMs.txt
CompanyAbout usBrandInvestorsBecome a partnerJobsNewsEventsTerms of servicePrivacy policySecurity
SocialTwitterDiscordYouTubeLumaBlueskyGitHub
A Trusted Solution
  • SOC 2 Type II Compliant
  • HIPAA Compliant
  • GDPR Verified
©2025 Convex, Inc.