SOC 2 Type II Certified

Security and privacy at Mendable

We take security and privacy very seriously at Mendable. Take a look at our security features below.

Product Security

Encryption in transit

Mendable uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks..

Penetration Testing

Mendables engages with one of the best penetration testing firms in the industry, Oneleet, at least once a year. Email us to request a full report.

Vulnerability Scanning

Mendable uses automated vulnerability scanning tools to identify potential vulnerabilities in our applications and infrastructure.

Enterprise Security

Endpoint protection

All corporate devices are centrally managed and are equipped with device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage.

Security education

Mendable provides comprehensive security training to all employees upon onboarding and annually through educational modules through Vanta’s platform.


Mendable provides SSO features for enterprises to manage their users and access to Mendable.

Frequently asked security questions

What security frameworks is Mendable compliant with?

Mendable is SOC 2 Type II compliant. Additionally, we will soon be making strides to become complaint in ISO 27K:2022 and GDPR.

Where does my data go when it is ingested to Mendable?

When you ingest your data into the Mendable ecosystem, it is stored on our database provider. However, your data is not used to train the underlying OpenAI models. OpenAI may hold onto conversation data for up to 30 days for content moderations purposes, however it will be subsequently deleted.