In transit: Mox requires a minimum of TLS v1.2 encryption (TLS v1.3 also supported) for all connections and data transferred between server and the end user's browser.

At rest: All Database and File Storage is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256).

All users accessing content in the platform must be registered and managed through our Identity Provider, Okta. Users must have use a secure password and have a valid email.

Account Administrators have permission to manage access and roles for users within their account. More information on user access roles may be found here: https://help.moxsoftware.com/en/articles/6212309-assigning-mox-roles

All user data is stored in Amazon Web Services (AWS) data centers located either in the United States or Europe. The European-based data centers allow for GDPR compliance for affected customers.

AWS data centers are independently audited for comprehensive Data Security including SOC 2 and ISO 27001 programs.

Esko is in the process of completing SOC 2, Type 2 assessments. SOC 2 is a security framework that designates how SaaS Providers should protect data from unauthorized access, respond to security incidents, and address vulnerabilities. The American Institute of Certified Public Accountants (AICPA) developed the SOC 2 framework.