MuchSkills is designed and operated with a security-first mindset. We follow industry best practices to protect customer data and ensure service reliability. This page outlines our infrastructure choices, platform architecture, and key security controls in place across the application lifecycle.
Hosting and architecture
- Cloud provider: Amazon Web Services (AWS), Stockholm region (eu-north-1)
- Data center compliance: AWS facilities hold certifications including ISO 27001, SOC 2, PCI DSS, and CSA STAR
- Database platform: MongoDB Atlas, hosted in Stockholm, configured with automatic encryption, private networking, and role-based access
- Application environment: Isolated development, staging, and production environments with strict access control
Application development and SDLC
- Secure development lifecycle (SDLC): Our engineers follow secure coding practices, and all code is reviewed before deployment
- Dependency management: Automated tools scan for vulnerabilities in third-party libraries
- Environment segregation: Production data is fully isolated; development and testing environments do not contain real user data
- Change management: Changes to infrastructure or application logic follow a documented and reviewed change process
Access control
- Role-based access: Only the CEO, CTO, and Head of Product have direct access to production data
- MFA enforcement: All infrastructure and administrative tools require multi-factor authentication
- Zero shared credential policy: All access is individual, logged, and revoked immediately upon offboarding
- Audit logging: Infrastructure and application logs are monitored for unusual activity via AWS CloudWatch and MongoDB Atlas activity feeds