Security Overview

Mainbranch is built with enterprise security in mind, providing robust protection for your organization’s data while maintaining ease of use.

Security Features

Google Workspace SSO

Microsoft Entra ID SSO

Data Privacy

Permissions

Authentication

Single Sign-On (SSO)

Mainbranch supports enterprise SSO through:

Google Workspace — OIDC-based authentication
Microsoft Entra ID — OIDC-based authentication (formerly Azure AD)

SSO provides:

Centralized user authentication
No separate passwords to manage
Automatic deprovisioning when users leave
Support for your existing MFA policies

Authentication Methods

Method	Description
Google SSO	Sign in with Google Workspace account
Microsoft SSO	Sign in with Microsoft 365 account
Email/Password	Traditional authentication (if enabled)

Access Control

Role-Based Access

Mainbranch uses role-based access control:

Role	Capabilities
Owner	Full access, workspace management
Admin	Settings, users, connectors
Member	Standard feature access

Permission Inheritance

Data access inherits from source systems:

Google Drive sharing settings are respected
Microsoft 365 permissions are maintained
Users only see content they have access to

Data Protection

Encryption

In Transit — All data encrypted with TLS 1.2+
At Rest — Data encrypted using AES-256
API Communications — Secure HTTPS connections

Data Isolation

Workspaces are isolated from each other
Multi-tenant architecture with strict separation
No data sharing between organizations

Data Handling

Data is processed for indexing only
Content is not used for AI model training
Data can be deleted upon request

Compliance

Security Practices

Mainbranch follows security best practices:

Regular security assessments
Secure development lifecycle
Incident response procedures
Employee security training

Infrastructure

Cloud-hosted on secure infrastructure
Regular security updates and patching
Network security controls
Access logging and monitoring

Administrator Security Controls

Workspace Settings

Administrators can configure:

SSO enforcement
Member management
Feature access (web search, file uploads)
Data retention policies

Monitoring

User activity logs
Connector status monitoring
Security event tracking

User Management

Invite-only access
Role assignment
Access revocation

For Users

Account Security

Best practices for users:

Use SSO when available
Enable MFA on your identity provider
Report suspicious activity
Sign out on shared devices

Data Access

You can only access data you have permission to view
Search results are filtered based on your access
Sensitive actions are logged

Security FAQ

Is my data used to train AI models?

No. Your organization’s data is used solely for providing Mainbranch functionality. It is not used to train AI models.

Who can see my searches?

Your searches are private to you. Administrators may have access to usage statistics but not individual query details.

What happens when an employee leaves?

When an employee is removed from your identity provider, they lose access to Mainbranch. SSO ensures access is revoked centrally.

How is data deleted?

Data can be deleted by:

Removing it from the source (syncs to Mainbranch)
Disconnecting a data source
Requesting data deletion from support

Getting Help

For security questions or concerns:

Contact your Mainbranch administrator
Review documentation for specific features
Report security issues to support