
MCA Pilot runs on hardened, certified infrastructure — from the app and database, to our automation servers, to the AI that reads your statements and funder replies. Here's exactly how it's protected.
Report an issue anytime: support@mcapilot.com
Architecture
The MCA Pilot app and your database run on Noloco, a platform certified to ISO/IEC 27001:2022. Data is encrypted in transit with 256-bit TLS and encrypted at rest, hosted in AWS data centers that are SOC 1, SOC 2, and ISO 27001 certified.
Our workflows and business logic run on our own self-hosted n8n, across five dedicated Hetzner VPS servers in Ashburn, Virginia. Access to that infrastructure is protected with two-factor authentication.
Features like AI underwriting and auto-parsing funder replies send the specific deal data needed — such as uploaded bank statements and funder reply emails — to Google's Gemini models to generate their results.
Safeguards
Traffic between your device and our servers is protected with 256-bit TLS, and your data is encrypted at rest.
The app and database are built on Noloco, whose information security management system is certified to ISO/IEC 27001:2022.
Underlying AWS data centers are SOC 1, SOC 2, and ISO 27001 certified, with 24/7 physical security, redundant power, and automatic fire suppression.
Data is backed up with geo-redundant replication across multiple availability zones, backed by documented disaster-recovery and business-continuity plans.
Role- and permission-based controls determine who can see and change each record, and two-factor authentication guards our infrastructure accounts. No one on our team accesses the data in your account unless you explicitly ask us to.
Automated application and dependency security scans run daily, and code changes are reviewed and QA-tested before they ship.
Questions
Your app and database run on Noloco, hosted in SOC- and ISO 27001-certified AWS data centers. Our automation layer (n8n) runs on our own dedicated servers with Hetzner in Ashburn, Virginia.
Yes. Data is encrypted in transit with 256-bit TLS and encrypted at rest on our platform.
MCA Pilot is built on Noloco, which maintains ISO/IEC 27001:2022 certification, and runs in AWS data centers that are SOC 1, SOC 2, and ISO 27001 certified. You can read Noloco's full security overview at noloco.io/security.
No. No one on our team accesses the data in your account unless you explicitly ask us to — for example, when you reach out for support. We don't view, share, or submit your deals anywhere you didn't set up yourself, and there's no back door for us to work your deals. It has never happened, and the product is built so it can't.
No. MCA Pilot is a software company — we don't broker, fund, or work merchant cash advance deals, and we have no stake in yours. Building the platform is our only business.
Yes. For AI underwriting and auto-parsing funder replies, we send the specific deal data needed — such as uploaded bank statements and funder reply emails — to Google's Gemini models to produce results.
Email us at support@mcapilot.com and we'll route it to the right team. Issues in the underlying Noloco platform can also be reported to their security team at security@noloco.io.