MantisHub Security

MantisHub has been rated A+ from 3rd party security evaluators so we can assure our customers that MantisHub delivers a high level of security 



If you need further details on our security measures we've addressed the most frequently asked questions below:

Application Security
MantisHub is always running latest version of MantisBT along with all security patches and new features. Servers hosting MantisHub do not run any other applications and don’t run any kind of custom code or plugins that are provided by customers.

Two-Factor Authentication for our Users
MantisHub enables customers to deploy two-factor authentication for their users by utilizing our federation with services like Azure AD, Google Suite, Github and Bitbucket.

Two-Factor Authentication for our Team
Services used for MantisHub hosting and related SaaS services that we used for operations are all configured for our team members to use two-factor-authentication.  That ensures protection of our hosting environment and client data.

Server Security
MantisHub patches its servers on a weekly basis. For high profile vulnerabilities (i.e. hartbleed) servers are patched as soon as the fix became available.

Access to server is authenticated using PKI keys rather than usernames and passwords providing higher level of security.

Encryption on the wire
All communication to MantisHub happens via HTTPS leveraging SSL for data encryption over the wire. Our SSL server configuration and security has been rated as A+ by 3rd parties that assess server security.

Encryption at REST
All hosted data is encrypted at rest.

We value our customers privacy. We don’t share or sell your data in any way. Customer data is accessed by our support team for the purpose of providing support to our customers. Such access is audited. See more details in our private policy

Data Retention
Customer MantisHub data is only used and retained to service our customers and their users. In case of cancellation all MantisHub data and backups are purged within 30 days.  A customer can also request that their data be deleted effective immediately.

Business Continuity, Backups and Disaster Recovery

We run daily backups to protect against failures or corruption. Customers are able to download backups of their data at any time so customer data is easily transportable if you decide to stop using the service.

We have a distributed team across US, Asia and Australia. MantisHub runs on AWS servers located in US and EU, which helps with redundancy and recovery.

MantisHub have been in business for 10 years, but in the unlikely event of liquidation, customers own their own data.

Data Isolation and Export
MantisHub data for each customer is isolated into its own database. This providing added security and isolation. This also enables customer initiated backups and export of all data if they decide to stop using MantisHub.

Penetration Detection
MantisHub services are protected using penetration detection services that audit all our servers and logs.  Such service would highlight and alert on potential security improvements or any suspected attacks.

Hosting Environment
All servers are hosted in AWS cloud. We have server clusters located in US region and in the EU. Your service can be hosted within a specific region on request. 

We provide 99.9% availability SLA for MantisHub.

Payment Method Security
We use a third party service for payment processing (Stripe). All your payment method details are stored in a secure vault within Stripe. MantisHub service and team never get access to your payment details, we simply get a token that enables charging your payment method.  The invoicing service (Maxio) manages the invoicing but doesn't have access to payment info.

Money-back guarantee
If a customer is not satisfied with our service, we provide a money back guarantee for any payments collected within the last 30 days.

Terms of Service
See our detailed terms of service


If you have any other questions you can always contact our support team.

Have more questions? Submit a Request