mmhmm Trust Center
mmhmm is committed to the security and privacy of our customers’ data. It’s so important that it’s the first of the Three Laws of mmhmm.
Certification and compliance
SOC 2 Type 2
mmhmm is SOC 2, type 2 certified. If you would like to request a copy of the latest report, please contact our sales team.
GDPR
We have implemented a GDPR compliance program. See our Privacy Policy for information about how we process your personal data.
CCPA
We have implemented a CCPA compliance program. See our Privacy Policy for information about how we process California residents’ personal information.
Governance
mmhmm maintains programs for incident response, business continuity, security awareness training, risk management and vendor management.
We have a full-time information security and data privacy team.
Data Protection
mmhmm encrypts data at rest and in transit using leading-practice protocols and algorithms. Customer data is logically segmented.
Access Controls
mmhmm supports single sign-on with several identity providers.
All mmhmm employee system access is limited on a least-privilege basis. Access to the backend production environment requires multi-factor authentication.
Infrastructure Security
mmhmm's infrastructure is hosted by an industry-leading cloud services provider. Cloud-native tools such as intrusion detection and prevention, web application firewalls, and denial of service protection are in place.
Vulnerability Management
mmhmm continuously monitors our environment for vulnerabilities and configuration risks. We conduct regular vulnerability scanning and penetration testing, and we maintain a responsible disclosure program.
Have specific security questions? Ask them here.