Security & Trust
Security at Mission Control
Mission Control is designed with security, operational integrity, and data protection in mind. The platform is built with SOC 2-aligned security practices in mind and is designed to support strong access control, auditability, and privacy. Security controls are actively maintained and improved as the platform grows.
Mission Control does not claim SOC 2 certification on this page. This page is intended to help prospects, customers, and procurement reviewers understand the security controls currently in place and the direction of our security program.
Last Updated: May 8, 2026
1. Trust & Security Overview
Mission Control centralizes operational, reporting, connected-system, and account activity that may be sensitive for customers and internal teams. Because of that, the platform is designed to support strong authentication, verification, logging, privacy controls, and operational review workflows.
Security responsibilities are shared. Mission Control maintains platform-level safeguards, while each customer remains responsible for managing authorized users, internal approval decisions, connected third-party permissions, and appropriate use of exported or integrated data.
Mission Control currently relies on vetted infrastructure providers including DigitalOcean for core hosting and application operations.
Account Protection
Email verification, optional SMS verification, suspicious activity detection, and login verification workflows help reduce unauthorized access.
Auditability
Security-sensitive events, authentication activity, and administrative security actions are logged to support internal review and investigation.
Privacy Controls
Phone numbers and sensitive account data are handled with privacy-conscious controls, masked logging, and user-managed security settings.
Operational Monitoring
Security events are monitored, suspicious activity can trigger additional verification, and internal workflows support incident review and response.
2. Account Protection
Mission Control supports multiple account protection controls intended to help confirm user identity and reduce unauthorized access risk.
- Email and password authentication.
- Google Sign-In and Microsoft account authentication.
- Email verification codes are used for supported account verification and recovery workflows.
- Optional SMS verification with Twilio can be used for account security, verification prompts, and suspicious activity review.
- Suspicious activity detection can trigger additional login verification or account checks.
- Phone numbers are only saved as trusted security numbers after successful code confirmation.
- Users can manage verified phone numbers from their profile or security settings.
- Unverified phone numbers are treated as pending values and are not promoted to trusted account security numbers until verification succeeds.
3. Multi-Factor & Adaptive Verification
Mission Control may require additional verification when suspicious activity is detected or when a higher-risk account event needs extra confirmation.
- Verification may occur through email or SMS depending on the workflow and account state.
- Mission Control may require additional verification for risky sign-ins, unusual activity, or sensitive account security actions.
- SMS codes are used for account security, not marketing.
- Verification codes expire and may be rate-limited to reduce abuse and repeated guessing attempts.
- Privileged internal access may require additional re-verification based on account role and security policy.
4. Platform Security Controls
Mission Control includes platform-level controls designed to protect customer accounts, support least-privilege access, monitor suspicious activity, and maintain an auditable record of security-sensitive events.
These controls are designed with SOC 2-aligned practices in mind and built to support auditability, access control, and security monitoring. They are actively maintained and improved.
Admin MFA Enforcement
Administrator and privileged accounts are protected with stronger verification requirements, including email and/or SMS verification where appropriate.
Role-Based Access Control
Access is limited based on user role and permission level to support least-privilege access across the platform.
Super Admin Audit Logs
Security-sensitive actions are logged to support review, investigation, and accountability for internal platform operations.
Session Security
Mission Control monitors sessions for unusual behavior and may require additional verification or invalidate sessions when risk is detected.
Suspicious Activity Detection
Risky login behavior, new devices, new IP addresses, repeated failed attempts, and unusual activity can trigger additional verification.
Secure Secrets & Credential Handling
Credentials, API keys, and sensitive configuration values are handled securely and are not exposed in logs or user-facing interfaces.
Data Protection
Mission Control uses encryption in transit and privacy-conscious handling of sensitive account and platform data.
Monitoring & Incident Response
Security events are monitored and internal review workflows support investigation, escalation, and response.
Data Retention & User Controls
Users can manage certain account security data, including verified phone numbers. Unverified numbers are not stored as trusted 2FA numbers.
Subprocessor Transparency
Mission Control maintains transparency around third-party providers used to operate the platform, including Twilio for SMS verification.
5. Suspicious Activity Monitoring
Mission Control monitors security-relevant account and session behavior to help identify access patterns that may require additional review or verification.
- Login from a new device
- Login from a new IP address
- Unusual location
- Repeated failed login attempts
- Suspicious session behavior
When appropriate, suspicious activity can trigger verification prompts, session invalidation, internal review, or follow-up security investigation.
6. Super Admin Audit Logging
Security-sensitive events are logged for internal audit, monitoring, and investigation workflows. These logs are intended to support accountability, operational review, and incident response.
- Authentication events and login outcomes
- Verification attempts and verification failures
- Admin actions and privileged security changes
- Suspicious activity detections
- Account security changes such as phone verification, session revocation, and related account-protection events
Phone numbers are masked in logs where applicable. Verification codes, raw secrets, and sensitive credentials are not logged.
7. Data Protection
Mission Control applies safeguards designed to support confidentiality, integrity, and privacy of customer and account data.
- Encryption in transit using HTTPS/TLS
- Secure handling of sensitive account data
- Least-privilege access practices for internal operations
- Secure credential and secret handling
- Privacy-conscious logging and operational telemetry
- Restricted access paths for administrative and security-sensitive workflows
No internet-based service can guarantee absolute security. Mission Control does not claim immunity from all vulnerabilities, attacks, outages, or unauthorized activity.
8. Privacy & User Control
Mission Control is designed to give users visibility and control over security-related profile data while avoiding promotional use of security contact information.
- Phone numbers are used only for security verification, suspicious activity alerts, and account recovery.
- Users can update or remove phone numbers from profile or security settings, subject to account security checks.
- Unverified phone numbers are not stored as trusted 2FA numbers.
- Mission Control does not describe or use security SMS messages as promotional messaging.
Additional details about how Mission Control handles personal information are available in the Privacy Policy and Terms of Use.
9. Subprocessors & Service Providers
Mission Control uses service providers to support infrastructure, communications, security workflows, and platform operations. The current list is available on the Subprocessors & Vendors page.
Twilio is used for SMS verification and security messaging. Twilio may process phone numbers, verification metadata, and SMS delivery metadata for security purposes.
Customers and reviewers can use the public Subprocessors page to review current vendors, change history, and subscription options for vendor updates.
10. Incident Response & Monitoring
Mission Control maintains monitoring and internal review workflows intended to support investigation and response when security issues or suspicious activity are identified.
- Security events are monitored.
- Suspicious activity can trigger additional verification.
- Internal review workflows and audit logs support investigation and response tracking.
- Operational and security logging supports internal escalation and follow-up analysis.
11. Compliance Roadmap
Mission Control is actively building and maintaining security controls aligned with SOC 2 best practices. Formal compliance status will be updated if and when certification is completed.
We do not currently claim SOC 2 certification on this page. Security, privacy, and compliance materials may be updated over time to reflect operational improvements, vendor changes, legal requirements, and product evolution.
12. Security Questions & Support
Have a security question? Contact support or review our Privacy Policy, Terms of Use, Help Center, and Subprocessors.
If you believe you have discovered a security vulnerability in Mission Control, please report it to security@stranded.me.