Security at Mooncamp

Enterprise-grade data protection

Mooncamp includes a powerful set of data protection product features that give you the control and flexibility you need to manage all your security challenges.

Secure and reliable infrastructure

Hosting

Mooncamp is hosted on Google Cloud Platform servers in its Germany-based data center. The Google Cloud Platform is a leading "platform as a service" provider that serves clients such as PayPal, Vodafone, METRO, Toyota, and many more. The same security technology that supports Google’s private global network protects their clients' data while meeting rigorous industry-specific compliance standards, among others:

  • ISO 27001
  • ISO 27017
  • ISO 27018
  • SOC 2
  • SOC 3

Encryption

Data is encrypted in transit using bank-grade TLS 1.2, the safest and most robust method available today. Data is encrypted at rest using industry-standard 256-bit encryption.

Single Sign-On

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for Mooncamp.

Permission management

Mooncamp's powerful administrative access controls allow for extremely granular permission management. Create roles with custom rights and assign them to different users or groups (Role-based Access Management). Configure access (read, edit, admin) of entities based on custom properties you can create and assign to each user (Entity-based Access Management).

Monitoring

Our developers closely monitor Mooncamp's application status and are immediately notified by our monitoring system once internal errors or potential errors in our various integrations are logged. This usually allows us to identify the problem within minutes and quickly resolve the situation.

Recovery

Mooncamp's databases are backed up hourly and can be restored if the software or server should ever fail. The backups are stored in various European data centers for additional security. Please note that we cannot restore individual customer accounts. If you delete something in your account, it will actually be deleted.

Enterprise-ready Compliance

GDPR Compliance

The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May of 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed by businesses. The law impacts both European companies and businesses with European contacts. Mooncamp provides safeguards to protect your data by design and by default in order to comply with all GDPR requirements. Furthermore, we’re committed to helping Mooncamp customers and users understand, and where applicable, comply with the GDPR. Mooncamp has specific customer tools and processes to ensure compliance with GDPR requirements.

GDPR-compliant subcontractors that are used by Mooncamp in order to provide its services include:

  • Microsoft Corporation
  • Atlassian Corporation
  • Slack Technologies, Inc.
  • HubSpot, Inc.
  • Mailjet GmbH

A transfer of data to a state that is neither a member of the European Union nor of the European Economic Area is only carried out in compliance with the General Data Protection Regulation (GDPR) and only if the specific requirements of Article 44 et seq. of the GDPR are met. In particular, such a transfer requires a clearly regulated, contractual agreement between Mooncamp and the respective service provider, which guarantees at least the same level of data protection. This can be done either as part of a valid Privacy Shield certification or in accordance with the standard contractual clauses established by the European Commission.

Incident Response

Security breaches will be communicated and vulnerabilities will be fixed ASAP. Custom response time policies are available for enterprise clients.

Data Processing Agreement (DPA)

As soon as you become a customer, both parties can sign a DPA. This contract defines how we may treat your data, which security measures are contractually guaranteed and which rights you have. The contract is required to be fully compliant with the GDPR.

Service-level Agreements (SLA)

Mooncamp offers custom service-level agreements to enterprise clients to make sure all aspects of the service – quality, availability, responsibilities – meet the requirements of the service user.

Commitment to Security

Secure Software Development

Secure software is the result of security-aware development processes in which security is built in and software is developed with security in mind. Mooncamp utilizes a variety of manual and automatic data security and vulnerability checks throughout every stage of the software development lifecycle.

Security Team

Mooncamp has dedicated staff roles in place to ensure that our security and privacy policies are reviewed, updated, tested, and maintained continuously.

Disclosure Policy

If you’ve discovered a vulnerability in the Mooncamp application, please submit a report to us via the button below. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues. Mooncamp strives to stay on top of the latest security developments both internally and by working with external security researchers and companies.