Built with security in mind
We treat client data like our own. Here's how we keep it safe.
Controls we run by default
Encryption
TLS 1.2+ in transit, AES-256 at rest across all managed datastores.
Access control
Least-privilege, SSO + 2FA for every internal tool, quarterly access review.
Hosting
SOC 2 compliant cloud providers (AWS, Cloudflare, Vercel). US data residency available.
Vendor review
Every subprocessor goes through a security review before we send a byte of client data.
Audit logs
Production changes, model calls, and integration writes are logged and retained 12 months.
Incident response
On-call rotation, defined severities, client notification within 72 hours of confirmed incidents.
How Mopshy AI handles security
Security at Mopshy AI starts from the assumption that we are handling sensitive customer data on behalf of our clients — their leads, their pipelines, their internal documents — and that any compromise is a compromise of their customers' trust, not just ours. We treat that responsibility seriously across data handling, access control, vendor selection, and incident response.
Data handling
We minimize what we store, encrypt sensitive data at rest, and use TLS in transit for every external call.
Access controls
Least-privilege access, MFA on every operator account, time-bound credentials for client systems.
Vendor selection
We only build on infrastructure providers with documented security postures — AWS, Google Cloud, Supabase, Cloudflare.
Incident response
Documented escalation paths, customer notification commitments, and post-incident reviews.
Vulnerability reporting
Researchers can responsibly disclose via the address on our contact page; we triage within one business day.
Frequently asked
- Are you SOC 2 compliant?
- We follow SOC 2-aligned practices and can discuss audit timelines under NDA.
- Where is our data stored?
- Primarily in US-region cloud infrastructure unless your engagement specifies otherwise.
- Can you sign a DPA?
- Yes — we sign data processing agreements and BAAs where applicable before the engagement starts.
- Do you train models on our data?
- No. Client data is not used to train any model. Models we use are configured to disable training on submitted data.
Related
Ready to simplify your business with AI automation?
Let's talk about how intelligent automation can save your team time, reduce errors, and help you focus on what actually drives your business forward.