Security

Enterprise-grade security for your workflows

Your workflow data is sensitive. We treat security as a core feature, not an afterthought.

Overview

How we protect your data

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Access Control

Role-based permissions, API key scopes, and audit logs.

Infrastructure

Hosted on SOC 2 Type II compliant cloud infrastructure.

Monitoring

24/7 monitoring, intrusion detection, and anomaly alerts.

Employee Security

Background checks, security training, and least-privilege access.

Network Security

VPC isolation, WAF protection, and DDoS mitigation.

Compliance

Certifications & Compliance

SOC 2 Type II (In Progress): Independent audit of security controls

GDPR Compliant (Compliant): European data protection regulation

CCPA Compliant (Compliant): California consumer privacy

Need a security questionnaire or custom assessment?

We're happy to provide documentation for your security review.


Practices

Security Practices

Application Security

  • Regular penetration testing by third parties

  • Automated vulnerability scanning in CI/CD

  • Dependency scanning and updates

  • Code review required for all changes

  • OWASP Top 10 protection

Data Protection

  • Customer data isolated by tenant

  • Encryption keys managed via AWS KMS

  • Automatic backups with encryption

  • Data retention controls

  • Secure data deletion on request

Operational Security

  • Multi-factor authentication required

  • SSO support (SAML, OIDC)

  • Session management and timeouts

  • IP allowlisting available

  • Detailed audit logs

Responsible Disclosure

Found a vulnerability?

We appreciate responsible security research. If you discover a vulnerability, please report it to us privately so we can fix it before public disclosure.

We commit to responding within 24 hours and keeping you updated on our progress. We won't take legal action against researchers who follow responsible disclosure practices.

Report a Vulnerability

Email: security@mobius.dev

PGP Key: Available on request

Please include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your contact information

FAQ

Common Questions

Where is my data stored?

Mobius is hosted on AWS in the US (us-east-1 by default). Enterprise customers can request specific regions. All data is encrypted at rest.

Can Mobius employees access my workflow data?

Access to customer data is strictly limited. We only access your data when necessary for support (with your permission) or to address technical issues. All access is logged.

What happens to my data if I cancel?

You can export your data before canceling. After cancellation, we retain data for 30 days in case you change your mind, then permanently delete it.

Do you support SSO?

Yes, we support SAML and OIDC SSO on our Team and Enterprise plans. Contact us to configure SSO for your organization.

Is there a self-hosted option?

Yes, Mobius can be self-hosted for enterprises with strict data residency requirements. Contact us for details.

Have security questions?

Our security team is happy to answer questions and provide additional documentation for your review.
