hey
@User we don't have any such formal material other than for sessions:
- https://supertokens.com/blog/all-you-need-to-know-about-user-session-security
All the code itself is open source, so feel free to inspect that.
There could be open source users who require FDA approval that use SuperTokens. There is Circadia that is FDA approved and was using us for session management. It is likely they still are (but can't guarantee).