Security
Your compliance data is sensitive. Here's how we protect it.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest. Document uploads use encrypted storage with per-account isolation.
Access control
Row Level Security enforces that every database query is scoped to the authenticated user's account. No data leaks between accounts.
Infrastructure
HMOJO runs on Supabase and Vercel, both SOC 2 Type II certified, with UK-region data hosting.
Vulnerability disclosure
Found a security issue? Please email security@hmojo.co.uk. We aim to respond within 24 hours and will credit responsible disclosure.
Security contact: security@hmojo.co.uk
We do not operate a bug bounty programme at this time, but all responsible disclosures are taken seriously and credited where appropriate.
We do not operate a bug bounty programme at this time, but all responsible disclosures are taken seriously and credited where appropriate.