Security Policy
and Certifications

Last updated on 28th February 2024

Ranging from startups to established organizations, many customers use our products and services. This gives us a heavy responsibility for maintaining data security and compliance that comply with global regulations to ensure privacy and security needs.

Product Security

We at Scrapeworks follow the agile mode of development, where deliverables are released in patches and continuously integrated to meet both business demands and security agreements.

Scrapeworks prioritizes security by implementing robust measures to protect user data, system resources, and the overall application from various threats. Security is an ongoing process at our organization, and we remain committed to continuously evaluating and improving our security posture to adapt to evolving threats.

  • Secure logins and role-based access to restrict unauthorized access.

  • Encryption: Encryption of all sensitive data using industry-standard algorithms.

  • Data Masking: Masking sensitive data displayed to users to minimize exposure.

Physical Security

24x7x365 video surveillance: Mobius office is under 24x7x365 video monitoring both at the premises level and floor level to ensure only authorized individuals access the building and the office.

  • This is covered by Security guards, Biometric Access, and fire/smoke alarms.

Two-factor authentication: Only authorized personnel can enter the Mobius workstation. Smart card readers and security guards are present both at the premise and floor level, which makes it impossible for any unauthorized person to enter.

Visitor policy: Visitor policies are adhered to rigidly by all our employees. Our security guards are intimated in advance about any visitors, and a proper letter has to be produced for them to enter the office. Any visitor is always accompanied by our employee both inside the building and the office.

Business continuity: All the data and applications are hosted in industry-leading Amazon Web Services and in Microsoft Azure, whose data centers have been thoroughly tested for security, availability, and business continuity.

  • Utilizing two major cloud providers, Azure and AWS, we offer geographically diverse infrastructure, increasing resilience against regional outages or disasters. If one cloud faces issues, the other can act as a backup, minimizing downtime and data loss.

  • Access to a wider range of services and technologies across both platforms can accelerate innovation and development.

Network Security

Our network is well-updated with the latest version of firewalls and antivirus software to protect all internal and external communications to detect and alert any intrusions in case of any threat. A multi-factor authentication is always required to access any production system. Logs are maintained and reviewed periodically to mitigate any incident. The NOC and SOC teams monitor the infrastructure 24x7 for stability, intrusions, and spam using a dedicated alert system. Our in-house IT team performs vulnerability tests and penetration tests every 90 days. All the data transmission is done through Transport Layer Security (TLS 1.2 & above) and Hyper Text Transfer Protocol Secure (HTTPS). We make sure no sensitive data values are stored in clear text.

Data Retention and Deletion

We retain customer-related data using your personally identifiable information (PII) till your account is active or as per your request. We gather PII with your work mail ID and contact name when you sign up for our services. We do not disclose your information to anyone as part of our Privacy Policy. In addition, to comply with our legal obligations, resolve disputes, and enforce our agreements. Once your service agreement term gets over, we delete all your data as part of the SOD (statement of destruction) policy.

  • The data stored on a storage medium, such as hard drives, solid-state drives, or other persistent storage devices, are encrypted to secure the information and prevent unauthorized access.

  • We enforce Full Disk Encryption (FDE)/File level encryption, regular audits, and monitoring of the encrypted data to ensure that the encryption is effective to meet the security standards.

  • Data - shall only be retained for a specified period of time and should not be kept for longer than necessary as per contractual agreement with the client.

Customer Data Access

Our technical experts have access to sensitive customer data for the effective development of the application. Access to customer data is provided over two-factor authentication and stored in a VPN. All access is logged, and no unauthorized person is allowed to obtain the customer data.

  • Two-factor authentication and password policy are enforced along with active directory integration.

  • Role-based access control is enabled across projects. RBAC gives only necessary access to users to perform their jobs and curtails accessing other information. This control is monitored regularly.

Information Security Policy:

Mobius is committed to ensure confidentiality, Integrity, and availability of its critical information assets and business processes, and minimize disruptions during the execution of its core and supporting business operations.

Security Certifications

ISO/IEC 27001 is the best-known standard for an information security management system (ISMS) and is awarded to organizations that comply with ISO's high international standards. Mobius has acquired ISO/IEC 27001:2013 certification for applications, systems, people, technology, and processes.

ISO 9001 is a standard for quality management systems (QMS) and is awarded to organizations that comply with global standards. Mobius has acquired ISO 9001: 2015 certification for products and services that meet customer requirements and assurance.

NIST is the National Institute of Standards and Technology, a bureau that promotes and maintains measurement standards. It ensures organizations develop and maintain applications according to industry standards. Mobius is NIST accredited.

SOC 2 is an auditing procedure that ensures service providers securely manage customer data to protect the interests of the organization and the privacy of its clients. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria. Mobius is SOC 2 Type II compliant.

For more information on our policies and certifications, please contact [email protected] or [email protected]



If you believe you’ve discovered a bug in our security, please get in touch at [email protected], and we will get back to you within 24 hours or earlier. We request you not publicly disclose the issue until we have had a chance to address it.