Your security is our top priority. Mogara takes every step possible to ensure your data is protected and safe. We are SOC 2 Type 1 compliant. Please send questions or report issues to security@mogara.com.
We encrypt data at rest and in transit. All connections to Mogara are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A grade for Qualys/SSL labs. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys. We use industry-standard AWS-managed storage systems.
Changes to the company’s code are tracked via GitHub and automated controls ensure each change is peer-reviewed and passes a series of tests before being deployed to production. Changes to infrastructure are made via infrastructure as code (Terraform) and are manually reviewed.
Mogara hosts all data and applications in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance documents for more information. All of Mogara’s servers are located within a dedicated virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Web application architecture and implementation are built in Python and follow OWASP guidelines. We regularly run internal application penetration testing and plan to conduct third-party testing soon.
We ensure that all of our third-party apps and providers meet our security data protection standards before using them. We leverage third-party built-in permissioning for managing user access. Our vendor list can be found here.