Mobb is a security-centric platform, and as such places the utmost importance on data security. This document aims to provide transparency on how your data is handled at Mobb and what policies are there to safeguard your data.

Mobb has also completed SOC 2 Type II assessments. Access to the assessment reports can be requested by contacting us at support@mobb.ai.

User-supplied data

To provide automated fixes Mobb must have access to the relevant vulnerability reports and the code needed to be fixed.

Mobb only uploads to its servers files that were highlighted in the vulnerabilities report for issues selected in the fix policy. It does not upload the entire code base.

Data Retention

The vulnerability reports and the relevant code sections are stored on our servers for up to 2 weeks, after which will be deleted permanently. This retention policy can be customized per customer requirements.

Data Protection

Mobb employs state-of-the-art protection for both data in-flight (TLS 1.2 or greater) and data at-rest (AES using 256 bits keys or greater).

AI Policy

We are committed to safeguarding the privacy and security of our customers' data. As part of our dedication to ethical and responsible practices, we have established a clear policy regarding the use of AI technology within our operations.

• Non-Disclosure of Customer Data: We do not share customers' data with third-party AI providers, ensuring that sensitive information remains confidential and protected.

• No Customer Data for AI Training: Our commitment extends to the ethical use of AI, as we strictly prohibit the utilization of customer data for AI training or fine-tuning purposes.

• Stable Fixes: While we leverage AI as part of our fix implementation process, all fixes with the "stable" designation must follow deterministic algorithms and industry best practices around fix implementation. As such, stable fixes are safe in terms of the potential of introducing new issues as seen in various published research on the use of AI in coding or in security, including an analysis conducted by our security researcher as seen in the following Blog article.