Security and governance

Mumoactive is built by Mumo. At Mumo, we take security seriously. We built our platform to help us manage our health, so we want to be just as confident as you that our information is safe. Both technically and organisationally, we do everything possible to keep your data protected.

View our white paper on security and governance here.

NHS Information governance

We meet NHS Information Governance Business Partner compliance.. These are comprehensive requirements which define the information governance standards for Mumoactive. This means that we adhere to the required standards for an organisation storing and handling health data in the UK. It also means you can store confidential information like NHS or health insurance numbers.

Our NHS Data Security and Protection report is available online.

Data encryption in transit and at rest

We use industry-standard encryption to keep data confidential. All data on Mumoactive servers is encrypted to AES-256, transit from device to database: over TLS 1.2 using RSA 2048-bit key defaulting to minimum AES-256 and transit from web client and mobile clients to database: over TLS 1.2 using RSA 2048-bit key defaulting to minimum AES-256

It is also important that data can’t be compromised in other ways: our company website – what you’re reading right now – is also encrypted using SSL, all our desktop and laptops at Mumoactive are encrypted, and all our company fileservers are encrypted too.

Disaster recovery and backups

We have comprehensive disaster recovery and business continuity processes to ensure that in the event of system outages, we can be back up and running quickly with no loss of data. We regularly test and audit our processes to make sure that they work when we need them most. We constantly replicate our database to another secure site to guard against data loss.

Where data is stored

All Mumoactive data is stored on ISO 27001-compliant servers in England. No personal data leaves the UK.

Data protection

We adhere to the Data Protection Act in the UK, in how we handle your information. It’s the same level of protection that you would expect of any other company or organisation that handles your personal data.

Policies and standards

Mumo has developed a set of policies and standards which are aligned with NHS Information Governance Toolkit standards. These cover topics including:

  • Acceptable Use Policy
  • Access Control Policy
  • Backup And Recovery Policy
  • Business Continuity Policy
  • Data Classification Policy
  • Data Handling Procedures
  • Data Protection Policy
  • Incident Policy
  • Information Governance Policy
  • Network Policy
  • Physical Security Policy
  • Records Management Retention Schedule Policy
  • Remote Access Policy
  • End User Access Controls
  • Cryptography Policy


Our Privacy Policy defines what happens to your personal data. In brief: we are providing a service to you and your data is yours. If you wish to share your data with another organisation, you must give them permission to see your Mumoactive data.


If you have any questions or concerns about your data, we are more than happy for you to get in touch with us.

Email us with any queries you have.