Security at MASK.
Enterprise-grade security built into every layer of the platform, not bolted on as an afterthought.
# Security practices
Layered defenses for every threat vector.
Encryption in Transit
All data transmitted over TLS 1.2+. HTTPS enforced on all endpoints including redirect traffic.
Credential Security
Passwords hashed with bcrypt. API keys stored using irreversible SHA-256 hashing. httpOnly secure cookies.
Role-Based Access Control
Six granular roles enforced server-side on every API endpoint. Owner, Admin, Editor, Analyst, Billing, Developer.
Audit Logging
All significant actions recorded in immutable audit logs. Authentication, permission changes, and admin operations.
Abuse Prevention
Automated URL scanning against phishing databases. Rate limiting per account and IP. Public abuse reporting pipeline.
Data Isolation
Multi-tenant architecture with strict workspace-level data isolation. Cross-workspace access is impossible by design.
# Compliance
Compliance and certifications.
GDPR Aligned
Data minimisation, retention controls, export/deletion capabilities, and cross-border transfer transparency.
SSO Ready
SAML and OIDC support for enterprise single sign-on integration with your identity provider.
Privacy by Design
IP anonymisation options, configurable data retention, and minimal data collection principles.
Incident Response
Structured incident response procedures with breach notification commitments and forensic logging.
Security meets speed.
Need to review our security posture for procurement? We provide security questionnaire responses and can schedule a review call.