Security & trust

Your data, protected by design.

Mangoe and ZappyBook are built with security and privacy at the core. Here’s how we keep your information, and your clients’ information, safe.

Encryption everywhere

Data is encrypted in transit and at rest, and secrets and access tokens are stored securely.

Trusted infrastructure

We run on Amazon Web Services, with hardened configurations, network isolation, and regional hosting options for your data.

Least-privilege access

Access to systems is role-based, logged, and limited to those who need it. We never store your Google, Meta or Intuit passwords, only scoped OAuth tokens.

Export or delete anytime

Export your data or delete it whenever you like. We don’t sell personal information.

Monitoring & backups

We log activity, monitor for anomalies, and back up data regularly so it can be restored. Resilience is part of the design.

Authenticated email

All email is authenticated with SPF, DKIM and DMARC and includes one-click unsubscribe, so messages are trustworthy and easy to opt out of.

Our security practices

We apply layered controls across our people, processes and technology:

  • Secure development: code review, dependency scanning, and least-privilege service accounts.
  • Data protection: encryption in transit and at rest, tenant isolation, and careful handling of sensitive fields such as property-access codes.
  • Access management: role-based access, audit logging, and strong authentication for internal systems.
  • Token & secret handling: third-party OAuth tokens are encrypted and vaulted; we never store your third-party account passwords.
  • Vendor management: sub-processors are vetted and bound by contract to protect your data (a current list and a Data Processing Addendum are available to customers on request).
  • Privacy by design: we build our practices around the Australian Privacy Principles, and we plan to pursue independent security assessments as we grow.

Responsible disclosure

Found a vulnerability? We’d genuinely like to hear from you. Email info@mangoe.co with details and steps to reproduce. Please give us a reasonable chance to fix the issue before disclosing it publicly, and don’t access or modify data that isn’t yours. We won’t pursue good-faith researchers who follow this policy.

Incident response

If a security incident affects your data, we’ll investigate, contain it, and notify you and the relevant regulators where required by law (such as the OAIC under the Notifiable Data Breaches scheme). See our Privacy Policy for details.

Questions about security or want our security documentation? Contact info@mangoe.co.