Social logins out of the box.
Simply toggle your preferred social provider in the dashboard.
Auth and user management built to pass audits.
We help you stay GDPR-compliant while your application scales, so you can build, ship, and pass the next audit without scrambling.
The components
Five lines to production auth.
Drop-in React components with typed APIs, full theming, and no CSS framework lock-in. OAuth and password sign-in, all in the same form.
Capabilities
Everything you need for auth.
MFA, social and national-eID sign-in, and scoped API keys: a complete auth platform built for EU teams.
Sessions you can revoke.
The full session lifecycle: active-device monitoring and one-click revocation. Kill a stolen session from any device.
National eID, first-class.
MitID via Signicat out of the box, enabled with a toggle in the dashboard.
MFA, enforced at sign-in.
Self-serve TOTP and recovery codes. Each user's factors are enforced automatically, no extra wiring.
Production-ready API keys.
Issue scoped, revocable keys to your users, no boilerplate, no bespoke UI.
Your data stays in Europe.
Your users' data lives on Hetzner Germany. No US-controlled processors, no Schrems II roulette, no quiet sub-processor swaps.
Audit logging out of the box.
Every admin and user action captured as a structured audit event, available as a usage-based add-on. When the Danish Data Protection Agency asks, you hand them one file.
FAQ
Why Torii?
Because we share your legal exposure. Torii is a European company, EU-hosted and subject to European law, exactly like our customers. If we're not GDPR-compliant, we face the same fines you do. Providers outside the EU don't carry that risk; when something goes wrong, it's their customers who pay the bill. With Torii, compliance isn't a feature we sell you; it's our own liability too.
Is Torii self-hosted or a managed service?
Torii is an EU-hosted managed service: you get the residency and compliance guarantees without operating any infrastructure yourself.
What happens when a user is exported or deleted?
Session revocation, data export and deletion are first-class and fully audit-logged, so you can answer a data-subject request or a regulator with a single file.
Still have a question? Get in touch
Reach out
Fifteen minutes. No slide deck.
Book a demo or just ask a question: we’ll walk through your identity stack, your GDPR exposure, and the fastest path to Torii. If we’re not a fit, we’ll tell you.