Enterprise-grade protection

Security at Muster

Your trust is our priority. We implement industry-leading security practices to protect your business data.

GDPR
Compliant with EU General Data Protection Regulation
UK DPA
Compliant with UK Data Protection Act 2018
ISO 27001
Information security management certification (in progress)
SOC 2
Service Organization Control 2 Type II (in progress)

How we protect your data

Multiple layers of security work together to keep your business data safe.

Encryption at Rest

Sensitive fields are encrypted with AES-256-GCM, an authenticated encryption mode. Database connections use TLS in production.

Encryption in Transit

All communications use TLS 1.3, ensuring your data is protected as it travels between your devices and our servers.

Access Controls

Five-tier role-based access, MFA/TOTP two-factor authentication, progressive account lockout, and middleware-level API auth.

24/7 Monitoring

Our security team monitors systems around the clock for suspicious activity and potential threats.

UK/EU Data Centres

Your data is stored in secure, certified data centres in the UK and EU, ensuring compliance with local regulations.

Regular Backups

Automated daily backups with 30-day retention and geographic redundancy protect against data loss.

Employee Training

All employees undergo security awareness training and background checks before accessing systems.

Penetration Testing

Regular third-party security assessments and penetration tests identify and address vulnerabilities.

Security FAQ

Where is my data stored?

Your data is stored in secure data centres in the UK and EU. We use AWS infrastructure with enterprise-grade security controls.

Who can access my data?

Only authorized Muster employees with a legitimate business need can access customer data. All access is logged in an immutable audit trail. Every user action is recorded in the UserAuditLog.

What happens if there's a security incident?

We have incident response procedures in place. Affected customers will be notified within 72 hours as required by GDPR.

Can I get a security assessment or questionnaire completed?

Yes, enterprise customers can request security documentation and have questionnaires completed. Contact security@withmuster.com.

Do you offer SSO and 2FA?

Yes, TOTP-based two-factor authentication is available on all plans via any authenticator app (Google Authenticator, Authy, 1Password). SSO via SAML is on our roadmap.

Have security questions?

Our security team is happy to answer questions or provide documentation for your review.
