Security at Mogara

We follow industry-standard practices for data security.

Our Security Measures

Your security is our top priority. Mogara takes every step possible to ensure your data is protected and safe. We are SOC 2 Type 1 compliant. Please send questions or report issues to security@mogara.com.

Data security

We encrypt data at rest and in transit. All connections to Mogara are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A grade on Qualys SSL Labs. We rely on AWS infrastructure to securely maintain our encryption keys. We use industry-standard AWS-managed storage systems.

Development and change management

Changes to the company’s code are tracked via GitHub, and automated controls ensure each change is peer-reviewed and passes a series of tests before being deployed to production. Changes to infrastructure are made via infrastructure as code (Terraform) and are manually reviewed.

Application security

Our web application is built in Python, and its architecture and implementation follow OWASP guidelines. We regularly run internal application penetration testing and plan to conduct third-party testing soon.

Secure infrastructure

Mogara hosts all data and applications in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon’s compliance documents for more information. All of Mogara’s servers are located within a dedicated virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Third-party vendor security review process

We ensure that all of our third-party apps and providers meet our security and data protection standards before using them. We leverage third-party built-in permissioning for managing user access. Our vendor list can be found here.