Security & Privacy

Today no SaaS provider can claim to have a customer-focused mindset if they do not have strong and transparent security and privacy programs.

Data Privacy

Data Privacy

We take the privacy of our customers extremely seriously and we will never sell any customer information or share it in any manner different than described on Mosyle Business Privacy Policy.

For detailed information about how Mosyle handles your data, refer to Mosyle Business Privacy Policy.


Mosyle is compliant with GDPR. For information about how Mosyle handles your data, refer to Mosyle Business Privacy Policy and Mosyle Business Terms of Service.

See who is using Mosyle:

See who is using Mosyle - Glitch Animation See who is using Mosyle - Glitch Animation See who is using Mosyle - Glitch Animation See who is using Mosyle - Glitch Animation See who is using Mosyle - Glitch Animation See who is using Mosyle - Glitch Animation

Oops... This information is also protected.

We're proud to serve over 22,000 small, medium, and large businesses around the world, helping them to deploy, manage, and protect mission critical Apple endpoints used daily in their business. However, we always remember that as their Apple Endpoint Management and Security provider, we serve them and not the other way around. At Mosyle, protecting the privacy and security of our customers is the only priority and we would never compromise on this important goal just to make our marketing efforts easier. Protecting our customer's identity is part of our offer and an important component in making absolutely sure devices and data are even more secure.


SOC2 Type II

In 2020, we first achieved our SOC 2 Type II certification. The SOC 2 Type II has become an industry standard for SaaS providers. This report establishes that an AICPA certified auditor has reviewed and verified the controls Mosyle has in place to protect the confidentiality, integrity, and availability of your data.
For more information about our SOC2 Type II certification, please use the Support Area inside your Mosyle Business account to open a ticket and our team will help you.

Data Controls

• All customer data is stored in the United States within Azure.
• All customer data is encrypted at rest.
• All client communications to the environment are encrypted with TLS.
• Data for the Mosyle Manager and Mosyle Business products are stored independently.
• Verified controls are in place to prevent data contamination between customers.
• Mosyle systems are protected within multiple availability zones, and the disaster recovery procedures are tested at least annually.

Software Controls

• Mosyle follows a strict change management policy covering our endpoints, infrastructure, and software code base.
• We perform nightly static code analysis.
• All software development adheres to our strict multistage review process leveraging both static and manual code reviews.

Staff Controls

• The structured employee on-boarding process involves background checks, reference checks, and interviews with relevant Mosyle employees.
• All Mosyle employees have a defined reporting structure and are managed in accordance with the policies and procedures.
• Customer approval is required to access individual customer accounts.
• All employee access to the client environment is restricted to trusted machines.
• All employee authentication is multi-factor.
• All Mosyle employees go through regular security awareness training and testing.
• All Mosyle employees have reviewed and accepted all relevant policies and procedures.

Other Controls

• We are continuously evaluating our systems against recognized benchmarks and standards such as NIST and CIS.
• We perform regular vulnerability scanning.
• We monitor our systems for any anomalies in performance, availability, or integrity.

Report a Security Concern

If you believe you have discovered a security flaw, please contact us at security@mosyle.com. We support responsible disclosure. We request that you provide us the industry accepted 90 days to reproduce and remediate any validated issues so we can continue to protect our customers data.