MomentumAI Trust Center
At MomentumAI, security isn't just a feature; it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us with the utmost care and responsibility, whether from our customers, their end users, or anyone who interacts with our organization. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.
Compliance
Resources
ISO 27001 Certificate
Information Security Management System Communication Plan Policy
Data Retention and Disposal Policy
Information Security Management System Manual
Business Continuity and Disaster Recovery
Controls
Sensitive Data Classification & Access Control
Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Source code access restricted and changes logged
Data encrypted at rest
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Data protection impact assessment
Data transfers covered by approved safeguards
Encryption in transit over public networks
Secure connection means utilized
Code of Conduct acknowledged by contractors
Code of Conduct acknowledged by employees
Web application firewalls configuration
Development, testing, production environments separated
Anti-malware monitoring
Intrusion detection tool
Infrastructure firewall
Centralized Log Collection and Monitoring
Monitoring, measurement, analysis and evaluation
Incident response procedures documented
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
Documented HIPAA Security Rule policy acknowledgment
Automated decision-making policy
Internal GDPR compliance assessments performed
Visitor sign-in, badging, and escort policy
Internal Audit Program
Technology assets inventoried
Interested party security requirements logged
Annual risk assessments performed
Documented Vendor Management Program
Age verification and parental/guardian consent process enforced
Consent for processing captured via explicit opt-in mechanisms
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
Background checks performed on contractors
Background checks performed on employees
Clock synchronization
Records of Processing Activities (RoPA) maintained
Multi-availability zones
Defined and maintained ISMS scope
Documentation available to internal and external users
Whistleblower mechanism maintained
Lawful basis assessment
Patch management process developed
Board/steering committee bylaws
Removable Media Use Restricted and Encrypted
Disciplinary action enforced
Annual strategic planning meetings conducted
Subprocessors
Azure: Cloud Infrastructure & Platform Services
Cloudflare: Network & Edge Security
DigitalOcean: Cloud Infrastructure & Platform Services
MongoDB: Data Stores & Warehouses