Security

Locked down, logged.

Salaries, reviews, health information, the most sensitive data your company holds. Encrypted everywhere, access by role, every change on the record, and never used to train AI. In writing.

Security teams welcome on the demo
Audit log: Every action logged
09:31:08 · Access granted · role: HR admin · logged
09:31:42 · Record changed · comp · by Mamba · rule cited
09:32:15 · Export requested · approved by B. Bell · logged
09:33:01 · Document viewed · offer · by HR admin · logged
Kept forever · cannot be edited, not even by us · 4 of 247 today
Audit question answered the same morning
Mamba · done

Our commitments

How we treat your data

No fine print, no acronyms. The five things that hold, no matter the customer or the contract.

01
Encrypted in transit and at rest
AES-256 encryption at rest, TLS 1.2+ in transit. Your records are protected while stored and while moving between systems.
Always on
02
Access by role, least privilege
Each person sees only what their role allows. Managers see their team; employees see their own record.
Always on
03
Every change logged with who and why
Every action, by a person or by Mamba, is written to a record nobody can edit, with the reason attached.
Always on
04
Your data stays in the US
Stored on enterprise US cloud infrastructure. It never leaves the country.
In your contract
05
Never used to train AI
Names, salaries, reviews, health information, none of it trains any AI model. Not ours, not anyone else’s.
In your contract

Access

You control the keys

Orphaned accounts are how breaches start. Sign-on and user provisioning run through WorkOS, Okta, or Microsoft Entra, access follows your org chart, and when someone is offboarded, they’re locked out the same minute.

  • Your team signs in with the accounts they already use
  • Permissions follow each person’s role, automatically
  • Offboarded means locked out, no orphaned accounts
Single sign-on: Your login, your rules
Okta · Sign-on + user provisioning · connected
Microsoft Entra · Sign-on + user provisioning · connected
WorkOS · Sign-on for everything else · connected
Offboarded at 4:02 PM → locked out at 4:02 PM

Human oversight

A human on the big calls

The agent acts within the policy you set. Offers above band, terminations, big comp changes, those always stop and wait for a person to sign off. Every time, with the reasoning attached.

  • You decide which actions need a person
  • Nothing high-stakes happens without a named approver
  • Every approval, and every decline, is on the record
High-stakes actions: The agent stops. A person decides.
Offer · Maya Chen · $195k · above band 8% · requires human sign-off
Comp change · Tom Harrison · +12% merit · within band · requires human sign-off
Address update · Jordan Lee · Filed automatically · logged · done
Mamba · done
Routine work runs; the big calls wait for you
100% of changes logged with who and why
0 AI training on your data, contractual
1 human required on every high-stakes action

For your security review

The questionnaire, answered.

The questions your IT and legal reviewers will ask, answered before they ask them. Forward this page, or bring them to the demo.

Where does our data live?

On enterprise AWS infrastructure in the United States. It never leaves the country, and US residency is written into your contract.

How is it encrypted?

AES-256 at rest, TLS 1.2 or higher in transit, for the database, documents, and every backup.

Who at MambaHR can see it?

Access is role-based and least-privilege on our side too. Production access is restricted, logged, and reviewed, and every access lands in the same immutable audit trail you can read.

What about backups and recovery?

Encrypted automated backups with point-in-time recovery, tested restores, and infrastructure that fails over without your data going anywhere.

What if we leave?

Your data is yours. Full export in standard formats whenever you ask, including on the way out, then verified deletion within 30 days of contract end.

Who are your subprocessors?

A short list, led by AWS (US) for infrastructure and AI processing and WorkOS for sign-on. The full list comes with your contract, and we notify you before it changes.

What happens if there’s an incident?

We notify you without undue delay, tell you exactly what was touched, and give you what your own notifications require. That commitment is in the contract, not a blog post.

Does any of it train AI?

No. Names, salaries, reviews, health information, none of it trains any model, ours or anyone else’s. Contractual, not configurable.

Something we didn’t cover? Security questions go straight to the founders.

I asked the hard questions before we signed: who sees what, where the data lives, what trains their AI. The answers were in the contract, not a slide deck.
Dana Whitfield, Head of People

Trust, verifiable.

Bring your security team to the demo. We like those calls.

No setup project · Your data imported in a day · You approve the big calls