Trust
Security & Compliance
Moovn moves people and money, so trust is engineered into the platform — not bolted on. Here's how we protect your data, your payments, and your identity across every product.
Last updated: July 3, 2026
- PCI-DSS SAQ-A scope
- HMAC hash-chained audit
- Deny-by-default RBAC
- TLS + encryption at rest
- Alias-only partner data
The controls
Engineered for trust, control by control
Each area below is a control Moovn is designed to meet across every product — described as what we engineer, not as a passed audit.
PCI-DSS — SAQ-A via Tokenization
Card details are captured only on our PCI-compliant payment providers' hosted pages or fields — never on our servers. We hold a payment token, card type, and last four digits; no full card number (PAN) or CVV is ever stored, logged, or transmitted through our systems. This is engineered to keep our scope at PCI-DSS SAQ-A. (A QSA confirms SAQ eligibility; this is a description of our controls, not a certification.)
Edge & Network Hardening
Traffic is protected at the edge with enforced TLS, security headers, and rate limiting, with a Web Application Firewall as part of our defense-in-depth roadmap. Gateway credentials and secrets are masked in every admin view and never echoed in full to a UI.
Tamper-Evident Audit Trail
Privileged admin actions — who did what, to whom, when, and with what outcome — are written to an append-only, HMAC hash-chained log modeled on Linux auditd. Any attempt to alter or remove a record breaks the chain and is detectable, giving us non-repudiable accountability across the admin surface.
Least-Privilege Access Control
Access is deny-by-default and role-based. Financial and administrative capabilities are gated per role and scoped server-side to the locations and resources a user is authorized for — so a user can never read or write beyond their granted scope, with explicit guards against object-level access bypass.
KYC & Identity Verification
Drivers and partners are verified through a documented KYC process. Additional credit and eligibility signals are strictly opt-in, allow-listed, and recorded with their provenance — designed for explainable, consent-based underwriting under the applicable data-protection and digital-credit rules.
Consent-First Data Handling
No partner or account is activated without explicit opt-in. Consent is captured verifiably — the terms version, a hash of the agreed document, and the timestamp and IP of acceptance — across the full invite → OTP → consent → approval lifecycle, all bound to the tamper-evident audit trail.
PII Minimization
Moovn is the system of record. Business partners and corporate accounts see aggregate figures and opaque, stable references — not names, phone numbers, or exact ride details. The minimum personal data ever leaves our trust boundary, which shrinks both risk and breach surface.
Encryption In Transit & At Rest
Data is encrypted in transit with modern TLS across every surface, and sensitive data is encrypted at rest. Passwords are stored only as salted one-way hashes — never in plaintext or reversible form.
Data Retention & Erasure
We retain personal data only as long as needed for its purpose or required by law, and honor user rights to access and erasure where we are not legally obligated to retain the records. See our Privacy Policy for details.
Responsible Disclosure
Security is a shared responsibility. If you believe you've found a vulnerability in a Moovn product, we want to hear from you. Please report it privately so we can investigate and fix it before any details are made public — and give us reasonable time to respond. We appreciate the researchers who help keep our users safe.
This page describes the controls Moovn is engineered to meet. It is a statement of our security posture, not an attestation of a completed audit or an active certification. For how we handle personal data, see our Privacy Policy.