Security

Security is foundational to usemoos. Because we index content from across your organization’s most sensitive tools, we apply defense-in-depth practices across infrastructure, application, and organizational layers. This page summarizes our current security program.

1. Encryption

All data in transit is encrypted using TLS 1.2 or higher. All data at rest, including indexed content, embeddings, and conversation history, is encrypted using AES-256. Encryption keys are managed through our cloud provider’s key management service and rotated on a regular schedule.

2. Access Controls

usemoos enforces workspace isolation at the data layer: every query is scoped to a workspace identifier, and no workspace can read another workspace’s data. Internally, we apply least-privilege access — engineers do not have standing access to customer data, and any access granted for support or debugging is logged and time-limited.

Within a workspace, usemoos respects the permissions already enforced by the source system. Employees only see search results and AI answers built from content they already have access to in the underlying tool — we do not widen access beyond what the source system grants.

3. Authentication

Account authentication is handled through Clerk, supporting passwordless sign-in, SSO via SAML and OIDC, and multi-factor authentication. Workspace administrators can require SSO for all members of their organization.

4. Infrastructure

Our application services run on AWS ECS Fargate within isolated virtual networks, segmented by environment and function. Production infrastructure is separated from staging and development. We rely on managed, audited cloud services for compute, storage, and the vector database rather than self-hosting critical infrastructure.

5. Monitoring and Incident Response

We continuously monitor application and infrastructure logs for anomalous activity. Security-relevant events are alerted to our team in real time. In the event of a confirmed security incident affecting customer data, we will notify affected workspace administrators without undue delay and in accordance with our contractual and legal obligations.

6. Vulnerability Management

We run automated dependency and vulnerability scanning across our codebase and container images as part of continuous integration. Critical vulnerabilities are patched on an expedited basis. We welcome responsible disclosure of security issues at security@usemoos.com.

7. Sub-processors

We rely on a small number of vetted infrastructure and AI service providers to operate usemoos. Each sub-processor is bound by data protection terms consistent with our own commitments. See our Data Processing Agreement for the current list and further detail on data processing terms.

8. Your Responsibilities

Security is shared. Workspace administrators are responsible for managing member access, reviewing connected integrations, and promptly revoking access for departed employees. We recommend enabling SSO and multi-factor authentication for all workspace members.

9. Contact

For security questions, vulnerability reports, or to request our latest security documentation, contact security@usemoos.com.