An illustrated sunny valley where glowing deal-flow rivers wind toward a bright city — MCA Pilot moving deals to funded.

Your deal data, guardedat every layer

MCA Pilot runs on hardened, certified infrastructure — from the app and database, to our automation servers, to the AI that reads your statements and funder replies. Here's exactly how it's protected.

Talk to us about security

Report an issue anytime: support@mcapilot.com

Architecture

Three layers, one secure platform

  1. 01

    Application & data — Noloco

    The MCA Pilot app and your database run on Noloco, a platform certified to ISO/IEC 27001:2022. Data is encrypted in transit with 256-bit TLS and encrypted at rest, hosted in AWS data centers that are SOC 1, SOC 2, and ISO 27001 certified.

  2. 02

    Automation — self-hosted n8n

    Our workflows and business logic run on our own self-hosted n8n, across five dedicated Hetzner VPS servers in Ashburn, Virginia. Access to that infrastructure is protected with two-factor authentication.

  3. 03

    AI processing — Google Gemini

    Features like AI underwriting and auto-parsing funder replies send the specific deal data needed — such as uploaded bank statements and funder reply emails — to Google's Gemini models to generate their results.

Safeguards

How your data is protected

Encryption everywhere

Traffic between your device and our servers is protected with 256-bit TLS, and your data is encrypted at rest.

ISO 27001-certified platform

The app and database are built on Noloco, whose information security management system is certified to ISO/IEC 27001:2022.

Hardened hosting

Underlying AWS data centers are SOC 1, SOC 2, and ISO 27001 certified, with 24/7 physical security, redundant power, and automatic fire suppression.

Backups & recovery

Data is backed up with geo-redundant replication across multiple availability zones, backed by documented disaster-recovery and business-continuity plans.

Access controls & data privacy

Role- and permission-based controls determine who can see and change each record, and two-factor authentication guards our infrastructure accounts. No one on our team accesses the data in your account unless you explicitly ask us to.

Continuous scanning

Automated application and dependency security scans run daily, and code changes are reviewed and QA-tested before they ship.

Questions

Everything you might ask

Where is my data hosted?

Your app and database run on Noloco, hosted in SOC- and ISO 27001-certified AWS data centers. Our automation layer (n8n) runs on our own dedicated servers with Hetzner in Ashburn, Virginia.

Is my data encrypted?

Yes. Data is encrypted in transit with 256-bit TLS and encrypted at rest on our platform.

What certifications back the platform?

MCA Pilot is built on Noloco, which maintains ISO/IEC 27001:2022 certification, and runs in AWS data centers that are SOC 1, SOC 2, and ISO 27001 certified. You can read Noloco's full security overview at noloco.io/security.

Does anyone at MCA Pilot look at my deals?

No. No one on our team accesses the data in your account unless you explicitly ask us to — for example, when you reach out for support. We don't view, share, or submit your deals anywhere you didn't set up yourself, and there's no back door for us to work your deals. It has never happened, and the product is built so it can't.

Do you run an MCA brokerage or compete with me?

No. MCA Pilot is a software company — we don't broker, fund, or work merchant cash advance deals, and we have no stake in yours. Building the platform is our only business.

Do you use AI, and what data is shared?

Yes. For AI underwriting and auto-parsing funder replies, we send the specific deal data needed — such as uploaded bank statements and funder reply emails — to Google's Gemini models to produce results.

How do I report a security issue?

Email us at support@mcapilot.com and we'll route it to the right team. Issues in the underlying Noloco platform can also be reported to their security team at security@noloco.io.

Questions about security or compliance? We're happy to help.

Contact our team
We usually reply within one business day.