Security

EngineRoom ensures the highest level of security for your data

With nearly 20 years of experience building and supporting software for thousands of the world's leading organizations, EngineRoom is designed from the ground up with security, privacy, and reliability at its core. From secure infrastructure and encrypted data handling to strict internal controls and rigorous testing, we take every measure to protect the integrity of your information.

Security is not a one-time effort—it's an ongoing commitment. We continuously monitor and refine our systems to ensure that EngineRoom remains robust, available, and resilient to evolving threats. Regular internal reviews, third-party assessments, and adherence to leading industry standards help us stay ahead of risks and maintain uninterrupted access for users around the world.

Whether you're using EngineRoom for internal process improvement or regulated analysis, you can trust that your data is protected by enterprise-grade technology, secure development practices, and a company-wide culture of security.

Security Infrastructure

All services are hosted on Microsoft Azure, providing robust, enterprise-grade cloud infrastructure with built-in compliance and security controls. Data is encrypted both in transit and at rest. Microsoft Azure undergoes regular independent audits for a range of compliance standards, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, CSA STAR, HIPAA, and PCI DSS.

SOC 2 Compliance

EngineRoom is SOC 2 compliant, reflecting our commitment to securing customer data according to the highest industry standards. This independent audit validates that our systems and processes meet strict criteria for security, availability, and confidentiality—ensuring your data is handled with integrity and care throughout its lifecycle.

Threat Detection & Monitoring

MoreSteam employs multiple anti-virus solutions across all development, database, and application servers. A daily vulnerability assessment is conducted on our databases, and both intrusion detection (IDS) and intrusion prevention systems (IPS) are active on application servers. Any potential security findings are automatically flagged and sent to our system administrators for immediate review.

User Authentication

EngineRoom uses the industry-standard OAuth 2.0 protocol to securely authenticate users. All users must log in with a valid username and password before accessing any sensitive projects or data. Login activity is recorded, and brute-force protection is enforced through automatic account lockouts after a limited number of failed attempts. Administrator intervention is required to reset locked accounts, adding an additional layer of protection.

Data Encryption & Secure Storage

All communication between users and EngineRoom is encrypted using HTTPS/SSL with the TLS protocol, ensuring that data in transit is protected. Files uploaded for analysis or sharing are stored in encrypted Microsoft Azure storage and protected by network firewalls. In addition, a Web Application Firewall (WAF) helps safeguard EngineRoom from OWASP Top 10 vulnerabilities.

Access Controls & Data Isolation

EngineRoom enforces strict access controls to keep customer data isolated and protected. Uploaded data is fully controlled by the user, and EngineRoom is not designed to store sensitive personal data such as health or payment information.

Payment Security

All credit card and payment information is handled by a PCI DSS compliant Level 1 service provider—the most stringent level of certification available in the payments industry. Regular audits are performed by independent security assessors to meet the highest standards in payment processing.

Personal Data Privacy

We are GDPR compliant and never sell or share your personal information. Your data remains your own—we are committed to transparency and trust.

Always Available

EngineRoom is designed for global use and is highly available—whether your team is working across cities or continents. Our secure infrastructure ensures reliable access.

Validation Support

EngineRoom also offers a Validation Kit to support teams operating in regulated environments, such as FDA-regulated industries. The kit contains documentation of our development and testing process, NIST-based datasets, expected output images, and step-by-step instructions—making it easy for your organization to validate EngineRoom's accuracy and compliance. To request a copy, please visit our validation kit page.