Tilt Legal takes a security-first approach to building and operating Mobius. Your data is encrypted, access is governed by role-based controls, and our practices are independently certified and regularly audited.
## Encryption
Your data is encrypted at all times. AES-256 protects data at rest. TLS 1.3 protects data in transit between your device and Mobius.
## Access controls and isolation
Access to your information is restricted to authorised users and governed by role-based controls.
Mobius enforces strict resource isolation between environments. Data from one matter, client, or workspace cannot cross into another.
## ISO 27001:2022 certification
Mobius is certified to **ISO 27001:2022**, the international standard for information security management. You can [view our current certificate on the IAF register](https://www.iafcertsearch.org/certified-entity/NtZmaeiU45xAAQKj5oeNxr79).
ISO 27001 covers the full programme: how we manage risk, train staff, handle access, monitor systems, and respond to incidents.
## Independent audits
Beyond certification, we engage third-party security experts to audit our practices on a regular cadence.
## Incident response
We maintain documented procedures for detecting, responding to, and managing security incidents. These cover internal escalation, customer notification where applicable, and post-incident review.
---
*For more detail or to discuss specific compliance requirements, contact [support@tilt.legal](mailto:support@tilt.legal).*