MORO. Back to Home

L.03  /  Legal

Security

Effective · May 8, 2026 Version · 1.0 Supercritical AI Inc. · Delaware, USA

Contents

  1. Overview
  2. Infrastructure
  3. Data Protection
  4. Access Control
  5. Device Security
  6. Monitoring
  7. Compliance
  8. Vulnerability Disclosure
  9. Contact

01 Overview

At Supercritical AI Inc., a corporation incorporated in the State of Delaware, United States, security is a core engineering discipline. This page describes the controls we maintain to protect the confidentiality, integrity, and availability of customer data across the MORO platform.

02 Infrastructure

  • Production workloads run in hardened cloud environments with isolated network segments.
  • All infrastructure changes are version-controlled and peer-reviewed.
  • Backups are encrypted and tested on a recurring schedule.

03 Data Protection

  • Encryption in transit: TLS 1.2+ for all external connections.
  • Encryption at rest: AES-256 for stored customer data.
  • Key management: Hardware-backed key stores with strict access policies.
  • Tenant isolation: Logical separation across customer accounts.

04 Access Control

  • Role-based access control with the principle of least privilege.
  • Mandatory multi-factor authentication for all employees.
  • Periodic access reviews and prompt off-boarding.

05 Device Security

MoroSight, MoroTag, and MoroGear use signed firmware, secure boot, and authenticated wireless protocols. Device updates are delivered over secure channels and verified before installation.

06 Monitoring

  • Continuous logging of authentication and administrative events.
  • Automated alerting on anomalies and suspicious activity.
  • Documented incident-response runbooks with defined severities.

07 Compliance

We design our controls to align with industry frameworks including SOC 2 and ISO 27001. Customers under specific regulatory obligations may request additional information through our Trust workflow.

Compliance attestations and audit reports are available to qualifying customers under NDA.

08 Vulnerability Disclosure

We welcome reports from the security community. If you believe you have discovered a vulnerability in any MORO product or service, please report it responsibly to the address below. Do not exploit, disclose publicly, or access data beyond what is necessary to demonstrate the issue.

09 Contact

Supercritical AI Inc. — Security
A Delaware corporation, United States
Email: security@moro.im

© 2026 MORO. All rights reserved.
Privacy Terms Security