Security & Trust

Our commitment to protecting Mosaico's infrastructure and your data.

1. Data Encryption

Mosaico employs rigorous encryption standards to ensure your business data remains private and secure at all times:

  • At Rest: All database entries and file storage are encrypted using 256-bit Advanced Encryption Standard (AES-256).
  • In Transit: Data moving between your browser, our servers, and store integrations is protected via Transport Layer Security (TLS) 1.2 or higher.

2. Infrastructure & Hosting

Our platform is built on top of cloud platforms, leveraging world-class data centers that comply with SOC 2, ISO 27001, and PCI-DSS Level 1 standards.

3. Incident Response Protocol

In the event of a suspected security incident, Mosaico commits to notifying affected merchants and third-party integrations within 72 hours of a confirmed data breach involving PII.

4. Access Control

We enforce the Principle of Least Privilege (PoLP). Access to production databases is strictly limited to essential personnel and requires multi-factor authentication (MFA). All access is handled via secure OAuth 2.0 tokens.

5. Compliance & Privacy

Mosaico is designed to be compliant with connected stores' protected customer data requirements. We regularly audit our scopes to ensure we only access the minimum data necessary to fulfill your logistics needs.

6. Reporting Vulnerabilities

We value the input of the security community. If you believe you have found a security vulnerability in Mosaico, please contact us at security@mosaicohq.com.