Security
Locked down, logged.
Salaries, reviews, health information, the most sensitive data your company holds. Encrypted everywhere, access by role, every change on the record, and never used to train AI. In writing.
Audit question answered the same morning
Our commitments
How we treat your data
No fine print, no acronyms. The five things that hold, no matter the customer or the contract.
Access
You control the keys
Orphaned accounts are how breaches start. Sign-on and user provisioning run through WorkOS, Okta, or Microsoft Entra, access follows your org chart, and when someone is offboarded, they’re locked out the same minute.
- Your team signs in with the accounts they already use
- Permissions follow each person’s role, automatically
- Offboarded means locked out, no orphaned accounts
Human oversight
A human on the big calls
The agent acts within the policy you set. Offers above band, terminations, big comp changes, those always stop and wait for a person to sign off. Every time, with the reasoning attached.
- You decide which actions need a person
- Nothing high-stakes happens without a named approver
- Every approval, and every decline, is on the record
For your security review
The questionnaire, answered.
The questions your IT and legal reviewers will ask, answered before they ask them. Forward this page, or bring them to the demo.
Where does our data live?
On enterprise AWS infrastructure in the United States. It never leaves the country, and US residency is written into your contract.
How is it encrypted?
AES-256 at rest, TLS 1.2 or higher in transit, for the database, documents, and every backup.
Who at MambaHR can see it?
Access is role-based and least-privilege on our side too. Production access is restricted, logged, and reviewed, and every access lands in the same immutable audit trail you can read.
What about backups and recovery?
Encrypted automated backups with point-in-time recovery, tested restores, and infrastructure that fails over without your data going anywhere.
What if we leave?
Your data is yours. Full export in standard formats whenever you ask, including on the way out, then verified deletion within 30 days of contract end.
Who are your subprocessors?
A short list, led by AWS (US) for infrastructure and AI processing and WorkOS for sign-on. The full list comes with your contract, and we notify you before it changes.
What happens if there’s an incident?
We notify you without undue delay, tell you exactly what was touched, and give you what your own notifications require. That commitment is in the contract, not a blog post.
Does any of it train AI?
No. Names, salaries, reviews, health information, none of it trains any model, ours or anyone else’s. Contractual, not configurable.
Something we didn’t cover? Security questions go straight to the founders.

I asked the hard questions before we signed, who sees what, where the data lives, what trains their AI. The answers were in the contract, not a slide deck.
Trust, verifiable.
Bring your security team to the demo. We like those calls.
No setup project · Your data imported in a day · You approve the big calls