moccet connect

SECURITY & DATA PROTECTION

Comprehensive Security Framework & Legal Protections

Last Updated: June 30, 2025 | ISO 27001:2022 Compliant

Executive Summary

This Security & Data Protection Policy ("Policy") constitutes a legally binding agreement between moccet Inc., a Delaware corporation ("moccet," "we," "us," or "our"), and any individual or entity accessing or using our services ("User," "you," or "your"). By accessing our platform, you acknowledge and agree to be bound by this Policy in its entirety. This Policy is governed by the laws of Delaware and incorporates by reference all applicable federal and international data protection regulations.

I. Comprehensive Security Framework

A. Technical Security Infrastructure

moccet maintains enterprise-grade security infrastructure that meets or exceeds industry standards including but not limited to:

  • Encryption Standards: AES-256 encryption for data at rest and TLS 1.3 for data in transit, compliant with FIPS 140-2 Level 3 standards
  • Access Controls: Multi-factor authentication (MFA) mandatory for all accounts, implementing SAML 2.0 and OAuth 2.0 protocols
  • Infrastructure Security: SOC 2 Type II certified data centers with 99.99% uptime SLA, redundant systems across multiple geographic regions
  • Vulnerability Management: Continuous automated scanning, quarterly third-party penetration testing by certified ethical hackers, and immediate patching protocols
  • Network Security: Next-generation firewalls (NGFW), intrusion detection/prevention systems (IDS/IPS), and DDoS mitigation services
  • Application Security: Secure SDLC practices, OWASP Top 10 compliance, and regular security code reviews

B. Compliance & Certifications

moccet maintains compliance with the following standards and regulations:

  • ISO/IEC 27001:2022 - Information Security Management Systems
  • NIST Cybersecurity Framework - Full implementation of all five core functions
  • GDPR - General Data Protection Regulation (EU) 2016/679
  • CCPA/CPRA - California Consumer Privacy Act and California Privacy Rights Act
  • HIPAA - Health Insurance Portability and Accountability Act (where applicable)
  • PCI DSS Level 1 - Payment Card Industry Data Security Standard
  • SOX - Sarbanes-Oxley Act compliance for public company data

II. Limitations of Liability & Legal Protections

A. Comprehensive Liability Limitations

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MOCCET SHALL NOT BE LIABLE FOR:

  • ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES
  • LOST PROFITS, REVENUES, BUSINESS OPPORTUNITIES, OR ANTICIPATED SAVINGS
  • LOSS OF DATA, BUSINESS INTERRUPTION, OR SYSTEM DOWNTIME
  • REPUTATIONAL HARM OR DAMAGE TO BUSINESS RELATIONSHIPS
  • ANY DAMAGES EXCEEDING THE FEES PAID BY USER IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT
  • FORCE MAJEURE EVENTS INCLUDING BUT NOT LIMITED TO: ACTS OF GOD, NATURAL DISASTERS, WAR, TERRORISM, RIOTS, EMBARGOES, ACTS OF CIVIL OR MILITARY AUTHORITIES, FIRE, FLOODS, ACCIDENTS, PANDEMIC, STRIKES, OR SHORTAGES OF TRANSPORTATION, FACILITIES, FUEL, ENERGY, LABOR, OR MATERIALS

B. Third-Party Actions & User Responsibilities

moccet expressly disclaims all liability for:

  • Actions of third parties, including but not limited to hackers, cybercriminals, nation-state actors, or malicious insiders
  • User's failure to implement reasonable security measures including but not limited to: strong passwords, MFA enablement, regular security updates, and secure network usage
  • Unauthorized access resulting from user negligence, including credential sharing, phishing susceptibility, or social engineering
  • Data breaches occurring on user's systems, networks, or devices
  • Integration failures with third-party services or APIs

III. Shared Responsibility Security Model

A. moccet's Security Obligations

moccet commits to maintaining commercially reasonable security measures including:

  • Infrastructure security and maintenance
  • Platform-level security controls and monitoring
  • Regular security assessments and improvements
  • Incident response capabilities and breach notification as required by law
  • Employee security training and background checks

B. User's Security Obligations

Users are solely responsible for:

  • Maintaining secure access credentials and immediately reporting any suspected compromise
  • Implementing appropriate access controls within their organization
  • Ensuring compliance with all applicable laws and regulations for their use case
  • Backing up critical data and maintaining business continuity plans
  • Training their employees on security best practices
  • Conducting security assessments of their own systems and integrations

IV. Incident Response & Breach Notification

A. Incident Response Protocol

In the event of a security incident, moccet will:

  1. Activate our Incident Response Team within 4 hours of detection
  2. Contain and mitigate the incident using industry best practices
  3. Conduct forensic analysis to determine scope and impact
  4. Notify affected users within 72 hours as required by applicable law
  5. Provide updates through our Security Status Page
  6. Conduct post-incident review and implement improvements

B. Breach Notification Limitations

moccet's breach notification obligations are limited to those required by applicable law. We expressly disclaim any liability for:

  • Delays in notification due to law enforcement requests or ongoing investigations
  • Inability to notify users due to outdated or incorrect contact information
  • Secondary breaches or damages resulting from user's failure to take appropriate action post-notification

V. Data Protection & Privacy Rights

A. Data Processing & Storage

moccet processes data in accordance with the following principles:

  • Data Minimization: We collect only data necessary for service provision
  • Purpose Limitation: Data is used solely for stated purposes in our Privacy Policy
  • Retention Limits: Data retained only as long as necessary or legally required
  • Geographic Storage: Primary data storage in US East/West regions with backup in EU (Ireland)
  • Subprocessors: All subprocessors undergo security assessment and sign Data Processing Agreements

B. User Rights & Limitations

Subject to verification of identity and applicable law, users may have rights including:

  • Access to personal data (subject to security and confidentiality restrictions)
  • Correction of inaccurate data
  • Deletion of data (except where retention is legally required)
  • Data portability in machine-readable format
  • Objection to certain processing activities

IMPORTANT: Exercise of these rights may result in inability to provide services. moccet reserves the right to charge reasonable fees for excessive or repetitive requests.

VI. AI Systems & Machine Learning Security

A. AI Model Security

moccet's AI systems incorporate advanced security measures:

  • Model isolation and sandboxing to prevent cross-contamination
  • Adversarial training to resist manipulation attempts
  • Regular bias testing and fairness audits
  • Encrypted model weights and parameters
  • Audit trails for all AI decisions and recommendations

B. AI Liability Limitations

moccet expressly disclaims liability for:

  • AI-generated content accuracy, completeness, or suitability for any purpose
  • Decisions made based on AI recommendations
  • Potential biases in AI outputs despite our mitigation efforts
  • Changes in AI model performance over time
  • Intellectual property issues arising from AI-generated content

VII. Legal Remedies & Dispute Resolution

A. Mandatory Arbitration

ANY DISPUTE ARISING FROM OR RELATING TO SECURITY MATTERS SHALL BE RESOLVED THROUGH BINDING ARBITRATION UNDER THE COMMERCIAL ARBITRATION RULES OF THE AMERICAN ARBITRATION ASSOCIATION. The arbitration shall be conducted in Delaware, with Delaware law governing. Each party bears its own costs regardless of outcome.

B. Class Action Waiver

YOU WAIVE ANY RIGHT TO BRING CLAIMS ON A CLASS, CONSOLIDATED, REPRESENTATIVE, COLLECTIVE, OR PRIVATE ATTORNEY GENERAL BASIS. Claims must be brought individually.

C. Limitation Period

Any claim must be brought within ONE (1) YEAR after the cause of action arises, or be forever barred.

VIII. Indemnification

You agree to indemnify, defend, and hold harmless moccet, its officers, directors, employees, agents, licensors, and suppliers from and against all claims, losses, expenses, damages, and costs, including reasonable attorneys' fees, arising from:

  • Your violation of this Security Policy or any applicable law
  • Your negligent or wrongful conduct
  • Your unauthorized use of our services
  • Security breaches attributable to your actions or omissions
  • Third-party claims related to your use of our services

IX. Policy Updates & Modifications

moccet reserves the unilateral right to modify this Policy at any time. Continued use of our services after posting of changes constitutes acceptance. For material changes, we will provide 30 days' notice via email or platform notification. Users who object to changes must discontinue service use.

X. Final Provisions

Severability: If any provision is deemed unenforceable, remaining provisions continue in full effect.
Entire Agreement: This Policy, together with our Terms of Service and Privacy Policy, constitutes the entire agreement regarding security matters.
No Waiver: Our failure to enforce any provision does not constitute waiver of future enforcement.
Survival: Provisions regarding liability limitations, indemnification, and dispute resolution survive termination.

BY USING MOCCET'S SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS SECURITY POLICY.