Security and trust

No. Momentic never stores nor sees your login credentials. You sign in directly with our authentication provider which provides connections to Google, Microsoft, and GitHub.

Momentic is hosted on Google Cloud Platform. Our instances are located in the United States West region. If you would like to allowlist Momentic in your firewall, we are happy to provide our static egress IP address.

None of your data is edited or deleted without your interaction. If you would like your data to be permanently deleted, please email security@momentic.ai.

Momentic has a permissions model following the principle of least privilege. Users can be an admin, editor, or viewer. Only admins and editors have access to view and edit secrets. Secrets are encrypted and never leave our platform.

Momentic uses OpenAI and Anthropic as our AI providers. During step execution, we send the current browser state and the step content to LLMs for analysis. We audit all data passed over the wire to ensure no sensitive data ever leaves the Momentic platform.

Momentic does not need access to your source code. It uses a browser to interact with your application like an end user. The only pieces of data that are passed to Momentic’s infrastructure are screenshots and a processed version of the accessibility tree.

Please contact support@momentic.ai if you’d like Single Sign-On via Security Assertion Markup Language (SAML) or other authentication controls for your organization.

We work with companies and tools to store, analyze, and transmit data on behalf of our users. These companies have been vetted for best-in-class security practices.

Momentic is currently working to complete a SOC 2 certification.

We follow security best practices and have planned to have them audited externally as part of the SOC 2 certification.

We have systems and processes in place to review security issues. Incoming reports are timely reviewed and triaged. To share a security concern, reach out to security@momentic.ai.