Security

Your compliance data is sensitive. Here's how we protect it.

Encryption

All data is encrypted in transit (TLS 1.3) and at rest. Document uploads use encrypted storage with per-account isolation.

Access control

Row Level Security enforces that every database query is scoped to the authenticated user's account. No data leaks between accounts.

Infrastructure

HMOJO runs on Supabase and Vercel, both SOC 2 Type II certified, with UK-region data hosting.

Vulnerability disclosure

Found a security issue? Please email security@hmojo.co.uk. We aim to respond within 24 hours and will credit responsible disclosure.

Security contact: security@hmojo.co.uk
We do not operate a bug bounty programme at this time, but all responsible disclosures are taken seriously and credited where appropriate.