Mobb User Docs

Data Protection and Retention

Last updated 1 year ago

Mobb is a security-centric platform, and as such places the utmost importance on data security. This document aims to provide transparency on how your data is handled at Mobb and what policies are in place to safeguard your data.

Mobb has also completed SOC 2 Type II assessments. Access to the assessment reports can be requested by contacting us at support@mobb.ai.

User-supplied data

To provide automated fixes, Mobb must have access to the relevant vulnerability reports and the code that needs to be fixed.

Mobb uploads to its servers only the files that were highlighted in the vulnerability report for issues selected in the fix policy. It does not upload the entire code base.

Data Retention

The vulnerability reports and the relevant code sections are stored on our servers for up to 2 weeks, after which they are deleted permanently. This retention policy can be customized per customer requirements.

Data Protection

Mobb employs state-of-the-art protection for both data in flight (TLS 1.2 or greater) and data at rest (AES using keys of 256 bits or greater).

AI Policy

We are committed to safeguarding the privacy and security of our customers' data. As part of our dedication to ethical and responsible practices, we have established a clear policy regarding the use of AI technology within our operations.

  • Non-Disclosure of Customer Data: We do not share customers' data with third-party AI providers, ensuring that sensitive information remains confidential and protected.

  • No Customer Data for AI Training: Our commitment extends to the ethical use of AI, as we strictly prohibit the utilization of customer data for AI training or fine-tuning purposes.

  • Stable Fixes: While we leverage AI as part of our fix implementation process, all fixes with the "stable" designation must follow deterministic algorithms and industry best practices around fix implementation. As such, they are safe with respect to the potential for introducing new issues, as seen in various published research on the use of AI in coding or in security, including an analysis conducted by our security researcher, as seen in the following blog article.
