Security

Built with security in mind

We treat client data like our own. Here's how we keep it safe.

Controls

Controls we run by default

Encryption

TLS 1.2+ in transit, AES-256 at rest across all managed datastores.

Access control

Least-privilege, SSO + 2FA for every internal tool, quarterly access review.

Hosting

SOC 2 compliant cloud providers (AWS, Cloudflare, Vercel). US data residency available.

Vendor review

Every subprocessor goes through a security review before we send a byte of client data.

Audit logs

Production changes, model calls, and integration writes are logged and retained 12 months.

Incident response

On-call rotation, defined severities, client notification within 72 hours of confirmed incidents.

Security

How Mopshy AI handles security

Security at Mopshy AI starts from the assumption that we are handling sensitive customer data on behalf of our clients — their leads, their pipelines, their internal documents — and that any compromise is a compromise of their customers' trust, not just ours. We treat that responsibility seriously across data handling, access control, vendor selection, and incident response.

Data handling

We minimize what we store, encrypt sensitive data at rest, and use TLS in transit for every external call.

Access controls

Least-privilege access, MFA on every operator account, time-bound credentials for client systems.

Vendor selection

We only build on infrastructure providers with documented security postures — AWS, Google Cloud, Supabase, Cloudflare.

Incident response

Documented escalation paths, customer notification commitments, and post-incident reviews.

Vulnerability reporting

Researchers can responsibly disclose via the address on our contact page; we triage within one business day.

Frequently asked

Are you SOC 2 compliant?
We follow SOC 2-aligned practices and can discuss audit timelines under NDA.
Where is our data stored?
Primarily in US-region cloud infrastructure unless your engagement specifies otherwise.
Can you sign a DPA?
Yes — we sign data processing agreements and BAAs where applicable before the engagement starts.
Do you train models on our data?
No. Client data is not used to train any model. Models we use are configured to disable training on submitted data.

Ready to simplify your business with AI automation?

Let's talk about how intelligent automation can save your team time, reduce errors, and help you focus on what actually drives your business forward.