mmhmm Trust Center

mmhmm is committed to the security and privacy of our customers’ data. It’s so important that it’s the first of the Three Laws of mmhmm.

Certification and compliance

SOC 2 (Type 1)

mmhmm is SOC 2, type 1 certified. If you would like to request a copy of the latest report, please contact our sales team.


We have implemented a GDPR compliance program. See our Privacy Policy for information about how we process your personal data.


We have implemented a CCPA compliance program. See our Privacy Policy for information about how we process California residents’ personal information.


mmhmm maintains programs for incident response, business continuity, security awareness training, risk management and vendor management.
We have a full-time information security and data privacy team.

Data Protection

mmhmm encrypts data at rest and in transit using leading-practice protocols and algorithms. Customer data is logically segmented.

Access Controls

mmhmm supports single sign-on with several identity providers.
All mmhmm employee system access is limited on a least-privilege basis. Access to the backend production environment requires multi-factor authentication.

Infrastructure Security

mmhmm's infrastructure is hosted by an industry-leading cloud services provider. Cloud-native tools such as intrusion detection and prevention, web application firewalls, and denial of service protection are in place.

Vulnerability Management

mmhmm continuously monitors our environment for vulnerabilities and configuration risks. We conduct regular vulnerability scanning and penetration testing, and we maintain a responsible disclosure program.

Have specific security questions? Ask them here.