// Trust & Security Report
Mad Street Den, Inc. (brand: Vue.ai; acquired by M2P Fintech, Inc. in 2025)
Vue.ai is an enterprise AI orchestration platform (data prep, adaptive automation, composable workflows, self-learning models) sold to large enterprises in retail/eCommerce, financial services, insurance, and logistics/staffing. Operated by Mad Street Den, which was acquired by M2P Fintech in a 2025 cash-and-stock deal; the vue.ai site footer now reads '© 2026 M2P FINTECH INC.' while security/compliance pages still speak in Mad Street Den's voice.
Certifications held
3
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on vue.ai“Mad Street Den undergoes independent assessments for ISO 27001, SOC 2, and other standards at least once per year.”
Verify on vue.ai“Mad Street Den undergoes independent assessments for ISO 27001, SOC 2, and other standards at least once per year. ... Policies and procedures aligned with ISO 27001:2013 criteria are established and subject to routine audits.”
Verify on vue.ai“We are committed to protecting and respecting the privacy of our customers and users, and will use any collected information only to provide the products and services requested from us. ... we are working with our partners and clients to ensure compliance with all regulations.”
> Show 6 unconfirmed / not-held certifications
source: vue.aino public evidence: HIPAA is not mentioned on the trust page, the security overview page, or the GDPR page reviewed; no BAA offering is referenced anywhere on vue.ai
source: vue.aino public evidence: PCI DSS is not mentioned on any vendor-domain page reviewed (trust, security overview, GDPR)
source: vue.aino public evidence: the trust page only names ISO 27001 and SOC 2 explicitly, then refers vaguely to 'other standards' without naming them
source: vue.aino public evidence: not referenced on the trust page, security page, or GDPR page despite the product being marketed as an 'AI orchestration platform'
source: vue.aino public evidence; vendor shows no government/public-sector focus on its site
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
MSD stores personal information on databases and on servers based in North Virginia, United States, or any other country around the world. We may store your personal information on a server located outside the country where you live.
No explicit statement on whether customer data is used to train Vue.ai's models was found on the trust page, security overview page, GDPR page, or privacy policy. This should be confirmed in writing (e.g. contract/DPA) before enterprise onboarding, especially given the platform's 'Self-Learning AI and Active Learning' feature which explicitly adapts to customer/user behavior data.
// Security controls
Encryption in transit
HTTPS with TLS 1.2 (some vendor summaries also cite TLS 1.0/1.1 support for backward compatibility)
vue.aiNetwork security
Dedicated, segmented Virtual Private Clouds (VPC); firewalls restricted to required endpoints; Learning Intrusion Detection System (IDS) monitoring the VPC
vue.aiMonitoring / data loss prevention
24/7 security operations monitoring; integrates AWS Security Center and Google DLP tooling
vue.aiBackup & disaster recovery
Regular backups with seven-day retention; cross-geographic redundancy
vue.aiSecurity governance
CISO-led Information Security Committee (ISC) with quarterly executive review; dedicated GRC, security architecture, application/cloud security, and security operations staff; mandatory employee security training with annual refreshers; annual risk-driven audits of products, procedures, and suppliers; regular code review, vulnerability assessment, and internal/external penetration testing
vue.ai// Products & data scope
data: Enterprise customer/product/process data ingested from connected systems; builds 'high dimensional' customer and product graphs
Composable, modular platform combining data prep, adaptive automation, workflow orchestration, and self-learning models; sold to large enterprises, not self-serve consumer tooling.
data: Same enterprise data as core platform, plus program/rollout reporting
Co-managed implementation program (pilot go-live day 30, ROI proof day 60, scale day 90); not a distinct data-processing product but affects contractual/data-handling scope during rollout.
data: Industry-specific datasets, e.g. product catalogs and imagery (retail), claims/KYC/loan documents (BFSI/insurance), and inventory/route data (logistics)
Handles sensitive document data (KYC extraction, claims adjudication, loan/insurance processing) for financial-services customers; no HIPAA or PCI DSS attestation was found to cover this scope.
// What to watch
- Identity/continuity risk: Vue.ai is operated by Mad Street Den, which was acquired by M2P Fintech in a 2025 'distress sale' (~$15M cash-and-stock per press reporting). The vue.ai footer now reads '© 2026 M2P FINTECH INC.' but the trust/security/GDPR pages still speak entirely in Mad Street Den's own voice and DPO contact (infosec@madstreetden.com). It is unclear which legal entity currently holds and maintains the cited SOC 2/ISO 27001 assessments post-acquisition.
- SOC 2 and ISO 27001 claims are self-attested prose on the vendor's own trust page ('undergoes independent assessments ... at least once per year') with no downloadable certificate, audit report, report date, SOC 2 Type 1 vs Type 2 designation, or third-party trust portal (e.g. SafeBase/Vanta/Drata) link found anywhere on vue.ai. Treat as vendor-claimed, not independently document-verified.
- Recommend a manual follow-up fetch before final publication.
- No explicit AI-training-on-customer-data disclosure was found, despite the platform marketing a 'Self-Learning AI and Active Learning' capability that explicitly adapts to user/customer behavior data. Enterprise buyers in regulated verticals (BFSI, insurance) should get this in writing.
- Vertical use cases include sensitive financial/insurance document processing (KYC extraction, claims adjudication, loan processing) with no PCI DSS or sector-specific attestation found to cover that scope.
// At a glance
Pricing model
Enterprise sales-led (demo/quote-based); no public self-serve pricing found
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Mad Street Den, Inc. (brand: Vue.ai; acquired by M2P Fintech, Inc. in 2025)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
vue.ai