Security

Your decisions stay yours.

Encryption, access control, traceability, and governance — built into how Mongeflow handles every input and output.

All traffic over TLS 1.3. Data at rest encrypted with AES-256. API keys hashed, never stored in plaintext.

Hosted on Railway with automatic backups. Network isolation between tenants. Infrastructure providers maintain SOC 2 Type II certification.

Enterprise identity via Clerk: SSO, MFA, session management. Role-based access with org-level tenant isolation.

Every value labeled with its source — your data, inferred, default, or missing — before any decision moves forward.

Review queues, multi-step approvals, role-gated exports, and a full audit trail across the decision lifecycle.

Scoped API keys, signed webhook payloads, rate limits, CORS controls, and retry-with-backoff delivery.

Have a question

Need a deeper review? We answer real security questionnaires from real buyers.