mmhmm Trust Center
mmhmm is committed to the security and privacy of our customers’ data. It’s so important that it’s the first of the Three Laws of mmhmm.
Certification and compliance
SOC 2 (Type 1)
mmhmm is SOC 2, type 1 certified. If you would like to request a copy of the latest report, please contact our sales team.
mmhmm maintains programs for incident response, business continuity, security awareness training, risk management and vendor management.
We have a full-time information security and data privacy team.
mmhmm encrypts data at rest and in transit using leading-practice protocols and algorithms. Customer data is logically segmented.
mmhmm supports single sign-on with several identity providers.
All mmhmm employee system access is limited on a least-privilege basis. Access to the backend production environment requires multi-factor authentication.
mmhmm's infrastructure is hosted by an industry-leading cloud services provider. Cloud-native tools such as intrusion detection and prevention, web application firewalls, and denial of service protection are in place.
mmhmm continuously monitors our environment for vulnerabilities and configuration risks. We conduct regular vulnerability scanning and penetration testing, and we maintain a responsible disclosure program.
Have specific security questions? Ask them here.