Skip to content

Safety & Security

Our Commitment to Responsible AI

Loading Scribble

Our Comprehensive Security Framework

Data Encryption

Mpalo employs robust, multi-layered encryption mechanisms to protect your data both in transit and at rest. When your data travels between your device and our servers, it is secured using industry-standard Transport Layer Security (TLS) 1.2 or higher, with strong cipher suites. Data stored within our systems – including your memories, metadata, backups, and any information in our databases (whether Mpalo-managed or your BYOVS integration point) – is encrypted at rest using advanced encryption standards like AES-256. Encryption keys themselves are managed with strict access controls and regular rotation policies.

Access Controls & Authentication

Strict access control mechanisms are fundamental to our security. We enforce the principle of least privilege, ensuring that personnel and systems only have access to the data and resources necessary for their specific roles or functions. Multi-Factor Authentication (MFA) is mandatory for all internal access to production systems. For users, we offer robust authentication options, including MFA (detailed on our MFA Settings page), to protect your account from unauthorized access.

Network Security & Infrastructure

Our infrastructure is designed with security at its core, leveraging secure cloud environments with firewalls, intrusion detection/prevention systems (IDS/IPS), and regular vulnerability scanning. We maintain segmented networks to isolate critical systems and limit the potential impact of any security incident. Distributed Denial of Service (DDoS) mitigation strategies are in place to ensure service availability.

Secure Development Lifecycle (SDL)

Security is integrated into every phase of our software development lifecycle. This includes secure coding training for our developers, regular code reviews with a security focus, static and dynamic application security testing (SAST/DAST), and vulnerability management programs. We strive to identify and remediate security flaws before they can impact our users.

Incident Response & Monitoring

Mpalo maintains a comprehensive incident response plan to effectively detect, contain, eradicate, and recover from security incidents. We utilize continuous monitoring and logging of our systems to identify suspicious activity and potential threats. In the event of a confirmed data breach involving personal data, we are committed to notifying affected users and relevant authorities in accordance with applicable legal obligations.

User Control & Data Rights

Empowering you with control over your data is a core tenet at Mpalo. You own your data and the memories Palo creates for you. We provide you with tools and functionalities within the Mpalo platform (e.g., the Workbench) to:

  • View and Access Your Data: Understand what information Palo has stored as memories.
  • Manage and Modify: Correct or update memories as needed.
  • Delete Your Data: Permanently remove specific memories or your entire memory set according to your preferences. Our deletion processes are designed to be thorough, removing data from active systems and subsequently from backups in line with our data retention policies.
  • Data Portability: We aim to provide mechanisms for you to export your data in a common, machine-readable format where feasible.

For more details on your data rights, please see our Privacy Policy and the Data Handling & Transparency section on our Trust & Ethics page.

Compliance & Certifications

Mpalo is committed to meeting and exceeding industry best practices and regulatory requirements for data security and privacy. Our current status and goals include:

  • GDPR (General Data Protection Regulation): Mpalo designs its services to be compliant with GDPR, providing robust data protection for users in the European Union and beyond. This includes respecting data subject rights, ensuring lawful basis for processing, and implementing appropriate technical and organizational measures.
  • HIPAA (Health Insurance Portability and Accountability Act): While Mpalo's standard services are not designed for Protected Health Information (PHI) by default, we are actively working towards offering HIPAA-compliant solutions for specific healthcare use cases under appropriate Business Associate Agreements (BAAs) for our Enterprise tier clients. Contact sales for more information.
  • SOC 2 (System and Organization Controls 2): Mpalo is on the path to achieving SOC 2 certification. We are implementing and refining controls related to security, availability, processing integrity, confidentiality, and privacy to meet the rigorous standards of SOC 2. We anticipate completing our Type I audit in the near future, followed by a Type II audit.
  • Other Regulations: We continuously monitor global privacy and security regulations (e.g., CCPA/CPRA) to adapt our practices and ensure ongoing compliance where applicable.

Advanced Security Features (Enterprise Tier)

For our Enterprise tier clients with heightened security and compliance needs, Mpalo offers advanced security features and configurations:

  • Anomaly Detection: Sophisticated monitoring systems that learn normal patterns of data access and usage within your organization's Mpalo environment. Alerts are triggered for unusual activities that could indicate compromised accounts, insider threats, or attempts at unauthorized data exfiltration. This allows for proactive investigation and mitigation.
  • Data Loss Prevention (DLP) Capabilities: Configurable policies and tools designed to help prevent sensitive information from leaving your secure Mpalo environment. This may include content inspection, activity monitoring, and policy enforcement to align with your organization's data governance requirements. (Availability and specific features may vary based on deployment model, e.g., BYOVS).
  • Custom Security Configurations: Tailored security settings, including options for dedicated infrastructure, specific encryption key management, custom network configurations, and more granular access controls.
  • Enhanced Audit Logs & Reporting: More detailed and customizable audit logs for security information and event management (SIEM) integration, providing comprehensive visibility into account activity and system events.
  • Dedicated Security Support & SLAs: Enterprise clients benefit from priority support from our security team and service level agreements (SLAs) that cover security incident response times.

These advanced features are designed to provide our Enterprise clients with the highest level of security, control, and compliance assurance. Please contact our sales team to discuss your specific requirements.

Responsible Disclosure

We value the work of security researchers and believe that responsible disclosure is key to maintaining a secure platform. If you believe you have found a security vulnerability in any Mpalo service, please report it to us promptly via security@mpalo.com. We are committed to investigating all legitimate reports and will do our best to address confirmed vulnerabilities in a timely manner. We ask that you follow responsible disclosure guidelines and not publicly disclose any vulnerability until we have had a reasonable opportunity to remediate it.