Security Policy

Last updated: 24 April 2026

1. Our Commitment to Security

At Mozetech, we take the security of your data seriously. MozAssets is built with security-first principles to protect your organization's sensitive asset information.

This document outlines our security measures and responsibilities.

2. Data Protection

We implement multiple layers of protection:

  • Encryption at Rest: All data is encrypted when stored in our database
  • Encryption in Transit: All data is encrypted during transmission using TLS 1.2+
  • Database Security: PostgreSQL database with firewall and access controls
  • Secure Backups: Encrypted backups stored in separate locations

3. Access Controls

We use role-based access control (RBAC):

  • Organization Admin: Full access to manage organization settings
  • Manager: Manage assets, users, and create reports
  • User: View and update assigned assets
  • Viewer: Read-only access to specified areas

Admins can assign appropriate roles to their organization users.

4. Authentication

  • Secure session management with automatic timeouts
  • Email-based verification for new accounts
  • Password strength requirements enforced
  • Failed login attempt monitoring

5. Infrastructure Security

  • Cloud Hosting: Hosted on secure cloud infrastructure (Vercel)
  • Database: Managed PostgreSQL (Neon) with encryption
  • Firewall: Network-level protection
  • Uptime: 99.9% uptime SLA for Enterprise
  • CDN: Content delivery network for fast access

6. Audit Logging

We maintain comprehensive audit logs:

  • All user logins and logouts
  • Asset creation, modification, and deletion
  • User management actions
  • Configuration changes
  • Data exports

Organization Admins can view relevant audit logs in their dashboard.

7. Payment Security

All payments are processed securely via Payfast, South Africa's leading payment gateway:

  • PCI DSS compliant payment processing
  • No credit card data stored on our servers
  • Secure API integration
  • Transaction verification

8. Incident Response

In case of a security incident:

  • Detection: Automated monitoring systems
  • Assessment: Security team evaluates impact
  • Notification: Affected users notified within 72 hours
  • Resolution: Immediate action to remediate
  • Prevention: Measures implemented to prevent recurrence

9. Vulnerability Management

  • Regular security assessments
  • Automated dependency scanning
  • Third-party penetration testing
  • Timely security patches and updates

10. User Responsibilities

For optimal security, we recommend that users and organizations:

  • Use strong, unique passwords
  • Enable two-factor authentication (when available)
  • Regularly review user access and remove inactive accounts
  • Assign minimum necessary permissions to users
  • Report suspicious activity to security@mozetech.com
  • Keep contact information current for notifications
  • Train users on security best practices
  • Never share login credentials

11. Compliance

  • POPIA (Protection of Personal Information Act) compliant
  • PCI DSS for payment processing
  • GDPR-ready data handling

12. Reporting Security Issues

If you discover a security vulnerability or have security concerns, contact security@mozetech.com immediately. We appreciate responsible disclosure and will work with you to address any issues.

13. Contact

For security-related questions, contact security@mozetech.com.