SECURITY

Built to hold the most sensitive things your IT team owns.

Your whole company's passwords, tickets and assets live in here. This page shows the controls protecting them today — and what we're still verifying before we claim it.

Encryption at rest and in transit

TLS on the way, rotating keys at the destination.

Passkeys as your second factor

Touch ID, Face ID and Windows Hello — no code to leak.

LGPD by default

Legal bases, a DPA, and permanent deletion on request.

01 · DATA

What happens to your data

Encryption at both ends of the road — and keys that hold no grudges about the past.

TLS in transit
All traffic between your browser and Movitera is encrypted.
Encryption at rest
Data is encrypted where it is stored.
Rotating key ring
Vault credentials use rotating keys — a compromised key doesn't expose the vault's history.
Backups and restore
Recurring backups and a restore process; retention requirements are handled in the DPA.
02 · ACCESS

Who gets in, and with what

A strong second factor by default, and permissions that respect each seat's scope.

Passkeys
Touch ID, Face ID or Windows Hello as the second factor — the recommended path, nothing to type.
TOTP and recovery codes
Authenticator apps and single-use codes for anyone not on passkeys.
Per-module permissions
Access by role and by module: whoever runs tickets doesn't see the vault.
Scoped seats
Requesters and wiki readers use a restricted free seat — the scope holds for integrations too.
Vault audit trail
Credential access and changes land in an audit trail.
03 · PRODUCT & AI

AI on a short leash

The AI works your operation — but writes require approval, and everything leaves a trace.

Human approval
Actions executed by AI go through approval before touching your data.
Durable action log
Every AI action is recorded — "who did what, when" always has an answer.
The requester’s permissions
AI acts with the permissions of the person asking — it never sees more than their seat allows.
04 · PRIVACY

LGPD

Personal data handled with a legal basis, a contract, and a way out.

Defined legal bases
Personal data is processed under documented legal bases.
DPA for customers
A data processing agreement, ready for your legal team.
Permanent deletion
Your data is permanently deleted on request.
Privacy policy
The full detail of how data is handled, on one page. Read the policy

Found something? Talk to us directly.

A security question, a compliance checklist, or a vulnerability report: we answer in writing, straight from the people who build the product — no mandatory call.

hello@movitera.com