Trust
Trust & Security
MOBLUEHQ builds verification infrastructure for regulated work. This page summarizes how we handle data, who helps us run the service, and how to reach us about security.
Privacy posture
We collect only what we need to operate the site, respond to inquiries, and (when you use our products) deliver verification services. We do not sell personal information. Product traffic is designed so inference workloads can run without the scheduler seeing your underlying content — that architectural separation is central to the Blue substrate described in our portfolio.
See our Privacy Policy and Terms of Service for full details.
Data handling
- Website & forms: Contact and investor messages are transmitted to our inbox provider and stored only as long as needed to respond.
- Product data: Verification inputs and outputs are processed to deliver signed receipts. Retention periods vary by plan and are documented in product agreements.
- Logs: Operational logs (errors, latency, abuse signals) are kept for a limited period and access is restricted to personnel who need them.
- Encryption: Data in transit uses TLS. Data at rest uses provider-managed encryption on our cloud infrastructure.
- Deletion: You may request deletion of account-linked data by contacting us. Some records may be retained where required by law or for legitimate security purposes.
Subprocessors
We use vetted third parties to host and operate MOBLUEHQ. This list is updated when vendors change.
| Vendor | Purpose | Region | Status |
|---|---|---|---|
| Vercel | Website hosting & serverless functions | US / global edge | Active |
| FormSubmit | Contact & inquiry form delivery | US | Active |
| Stripe | Payment processing & billing | US | Planned |
| Resend | Transactional email | US | Planned |
| Plain | Customer support inbox | US | Planned |
| WorkOS | SSO & workforce identity | US | Planned |
Security contact
Report suspected vulnerabilities or security incidents to security@mobluehq.com. We aim to acknowledge reports within two business days.
Machine-readable contact details: /.well-known/security.txt
Vulnerability disclosure
We welcome good-faith reports from security researchers. Please:
- Email security@mobluehq.com with a description, reproduction steps, and impact assessment.
- Give us reasonable time to investigate and remediate before public disclosure (typically 90 days).
- Do not access, modify, or exfiltrate data belonging to other users.
- Do not perform denial-of-service testing against production systems.
We do not currently offer a paid bug bounty. We will credit researchers who request it and whose reports lead to a fix.
System status
Service availability and incident history: status.mobluehq.com