Security & compliance

Security & compliance at Moontrize Digital

Q: Where is my data stored?

You can pick EU or US hosting for your Moontrize Digital tenant during onboarding. Both regions follow the same security baseline.

Q: Can we get the latest SOC 2 report?

Yes. Once an NDA is in place we share the latest SOC 2 Type II report and our security questionnaire (CAIQ + SIG Lite).

Q: Do AI models train on customer data?

Models are trained inside your tenant only. We never use your transactional data to train shared foundation models for other customers.

Q: How do you handle penetration testing?

Independent pen tests run at least twice a year, with remediation tracked publicly in the customer security portal.

Finance data demands more than a vague trust page. Moontrize Digital builds security and compliance into every layer of the AI Finance Manager — from the data model up.

Foundation

A platform engineered for boards, auditors and CISOs.

🛡

SOC 2 Type II

Annual audit with continuous control monitoring and customer-accessible evidence.

🛡

GDPR-friendly

EU-hosted tenants, data processing agreements and data-subject workflow on demand.

🛡

ISO 27001 (in progress)

Active certification programme covering the full Moontrize Digital platform.

🛡

AES-256 at rest

Strong encryption for every database, backup and object store, with optional CMEK.

🛡

TLS 1.3 in transit

Forward-secret encrypted connections everywhere, including internal traffic.

🛡

Tenant isolation

Each customer’s data lives in a logically — and optionally physically — isolated tenant.

Access & governance

Granular controls that mirror your org chart.

Moontrize Digital ships SSO/SAML, OIDC and SCIM provisioning out of the box. Roles, permissions and approval flows are defined visually and audited continuously.

Every action — including AI-generated suggestions — is captured in an immutable audit trail you can export for SOC 2, ISO and internal review.

◆

SSO + SCIM

Single sign-on and automatic provisioning across Okta, Azure AD, Google and JumpCloud.

◇

Granular RBAC

Permissions down to dashboard, KPI and dataset level.

✦

Approvals & workflows

Visual approval chains for budgets, payments and reporting handoffs.

✧

Audit logs

Immutable activity log exportable to your SIEM or audit data store.

Resilience

Always-on operations.

High availability and disaster recovery designed for the demands of corporate finance.

99.95%

Uptime SLA

Multi-region active deployments with automated failover.

<15m

RTO

Tested, documented disaster-recovery procedures.

<5m

RPO

Continuous backups across availability zones.

24/7

Security monitoring

Dedicated SOC, threat intelligence and rapid incident response.

Respuestas claras

Preguntas frecuentes

Where is my data stored?

You can pick EU or US hosting for your Moontrize Digital tenant during onboarding. Both regions follow the same security baseline.

Can we get the latest SOC 2 report?

Yes. Once an NDA is in place we share the latest SOC 2 Type II report and our security questionnaire (CAIQ + SIG Lite).

Do AI models train on customer data?

Models are trained inside your tenant only. We never use your transactional data to train shared foundation models for other customers.

How do you handle penetration testing?

Independent pen tests run at least twice a year, with remediation tracked publicly in the customer security portal.

Want the full Moontrize Digital security pack?

Get the SOC 2 report, security overview and architecture diagram tailored to your CISO.

Solicitar una demo en vivo Hablar con expertos