- Text 1
How Moveworks earns and maintains trust with every customer
AWS is Moveworks' cloud hosting provider
All customer data remains in its region and is never transferred elsewhere.
Moveworks is hosted in the following AWS regions:
- US Commercial
- EU Commercial
- US GovCloud
- Canada
- Australia
The privacy of your data is always respected
Moveworks is committed to safeguarding all customer data through the most up-to-date and comprehensive protection measures.
Industry compliance that goes above and beyond
Strict compliance with global, regional, and industry-related privacy laws and security standards is always adhered to and measures are regularly optimized, implemented, and updated to meet additional compliance obligations as needed or requested.
ISO/IEC 27001:2013
Global standard for information security management systems
ISO/IEC 27017:2015
Code of practice for information security controls for cloud services
ISO/IEC 27018:2019
ISO/IEC 27701:2019
SOC 2 Type 2
CSA Star Level 2
Enhanced security controls for cloud service providers
GDPR
Protecting data privacy rights
CCPA
Safeguarding consumer privacy rights
FedRAMP
Providing government-grade trust, security, and privacy
AI security and privacy by design
Moveworks applies stringent security and privacy standards to protect LLMs, including safeguards against risks such as hallucinations, disinformation, harmful content creation, data poisoning, prompt injection, and more.
The following enterprise-grade security approaches, tools, and practices are always employed:
- No customer data is used to train global generative models.
- A content moderation system to filter harmful or inappropriate content, ensuring safe interactions.
- Fact verification to optimize accuracy of information generated.
- Prompt protection to safeguard against prompt injection attacks, enabling GenAI tools to respond accurately and securely to user inputs. This protection also helps maintain the integrity of interactions and prevents unauthorized data manipulation.
- Query risk assessment to identify and mitigate potential risks associated with user queries.
- A grounded knowledge system that allows us to ground our solutions with the most up-to-date and trustworthy documentation available.
- Identity validation that relies on deterministic systems and source-of-truth methodologies for authentication and authorization, ensuring secure access to systems and data without the use of LLMs.
Reporting vulnerabilities
Moveworks’ bug bounty program
We value the security of our products and services — and we appreciate your help in keeping them safe. If you find a vulnerability in our products or services, please report it to us through our bug bounty program website.
Moveworks’ bug bounty program is open to all researchers, regardless of their experience level. We offer rewards for vulnerabilities of all severity levels, and we will work with you to ensure that your report is investigated and addressed as quickly as possible.
