// Trust & Security Report

    Mad Street Den, Inc. (brand: Vue.ai; acquired by M2P Fintech, Inc. in 2025) logo

    Mad Street Den, Inc. (brand: Vue.ai; acquired by M2P Fintech, Inc. in 2025)

    Vue.ai is an enterprise AI orchestration platform (data prep, adaptive automation, composable workflows, self-learning models) sold to large enterprises in retail/eCommerce, financial services, insurance, and logistics/staffing. Operated by Mad Street Den, which was acquired by M2P Fintech in a 2025 cash-and-stock deal; the vue.ai site footer now reads '© 2026 M2P FINTECH INC.' while security/compliance pages still speak in Mad Street Den's voice.

    Certifications held

    3

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    Mad Street Den undergoes independent assessments for ISO 27001, SOC 2, and other standards at least once per year.

    Verify on vue.ai
    ISO 27001
    HELD

    Mad Street Den undergoes independent assessments for ISO 27001, SOC 2, and other standards at least once per year. ... Policies and procedures aligned with ISO 27001:2013 criteria are established and subject to routine audits.

    Verify on vue.ai
    GDPR (compliance posture, not a certification)
    HELD

    We are committed to protecting and respecting the privacy of our customers and users, and will use any collected information only to provide the products and services requested from us. ... we are working with our partners and clients to ensure compliance with all regulations.

    Verify on vue.ai
    > Show 6 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    no public evidence: HIPAA is not mentioned on the trust page, the security overview page, or the GDPR page reviewed; no BAA offering is referenced anywhere on vue.ai

    source: vue.ai
    PCI DSS
    NOT CONFIRMED

    no public evidence: PCI DSS is not mentioned on any vendor-domain page reviewed (trust, security overview, GDPR)

    source: vue.ai
    ISO 27017 / 27018 / 27701
    NOT CONFIRMED

    no public evidence: the trust page only names ISO 27001 and SOC 2 explicitly, then refers vaguely to 'other standards' without naming them

    source: vue.ai
    ISO/IEC 42001 (AI management systems)
    NOT CONFIRMED

    no public evidence: not referenced on the trust page, security page, or GDPR page despite the product being marketed as an 'AI orchestration platform'

    source: vue.ai
    CSA STAR
    NOT CONFIRMED

    no public evidence found on vue.ai

    source: vue.ai
    FedRAMP
    NOT CONFIRMED

    no public evidence; vendor shows no government/public-sector focus on its site

    source: vue.ai

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not offered

    Data region

    MSD stores personal information on databases and on servers based in North Virginia, United States, or any other country around the world. We may store your personal information on a server located outside the country where you live.

    No explicit statement on whether customer data is used to train Vue.ai's models was found on the trust page, security overview page, GDPR page, or privacy policy. This should be confirmed in writing (e.g. contract/DPA) before enterprise onboarding, especially given the platform's 'Self-Learning AI and Active Learning' feature which explicitly adapts to customer/user behavior data.

    // Security controls

    Encryption in transit

    HTTPS with TLS 1.2 (some vendor summaries also cite TLS 1.0/1.1 support for backward compatibility)

    vue.ai

    Encryption at rest

    AES-256-bit server-side encryption for cloud storage

    vue.ai

    Access control

    IAM role-based access control with two-factor authentication

    vue.ai

    Network security

    Dedicated, segmented Virtual Private Clouds (VPC); firewalls restricted to required endpoints; Learning Intrusion Detection System (IDS) monitoring the VPC

    vue.ai

    Monitoring / data loss prevention

    24/7 security operations monitoring; integrates AWS Security Center and Google DLP tooling

    vue.ai

    Backup & disaster recovery

    Regular backups with seven-day retention; cross-geographic redundancy

    vue.ai

    Security governance

    CISO-led Information Security Committee (ISC) with quarterly executive review; dedicated GRC, security architecture, application/cloud security, and security operations staff; mandatory employee security training with annual refreshers; annual risk-driven audits of products, procedures, and suppliers; regular code review, vulnerability assessment, and internal/external penetration testing

    vue.ai

    // Products & data scope

    Vue.ai Platform (core orchestration)Enterprise AI orchestration / data & workflow automation

    data: Enterprise customer/product/process data ingested from connected systems; builds 'high dimensional' customer and product graphs

    Composable, modular platform combining data prep, adaptive automation, workflow orchestration, and self-learning models; sold to large enterprises, not self-serve consumer tooling.

    Vue.ai Accelerator (30:60:90 rollout program)Managed onboarding / professional services

    data: Same enterprise data as core platform, plus program/rollout reporting

    Co-managed implementation program (pilot go-live day 30, ROI proof day 60, scale day 90); not a distinct data-processing product but affects contractual/data-handling scope during rollout.

    Vue.ai Hotstart (industry workflow packs)Vertical solution templates (retail/eCommerce, BFSI, insurance, logistics)

    data: Industry-specific datasets, e.g. product catalogs and imagery (retail), claims/KYC/loan documents (BFSI/insurance), and inventory/route data (logistics)

    Handles sensitive document data (KYC extraction, claims adjudication, loan/insurance processing) for financial-services customers; no HIPAA or PCI DSS attestation was found to cover this scope.

    // What to watch

    • Identity/continuity risk: Vue.ai is operated by Mad Street Den, which was acquired by M2P Fintech in a 2025 'distress sale' (~$15M cash-and-stock per press reporting). The vue.ai footer now reads '© 2026 M2P FINTECH INC.' but the trust/security/GDPR pages still speak entirely in Mad Street Den's own voice and DPO contact (infosec@madstreetden.com). It is unclear which legal entity currently holds and maintains the cited SOC 2/ISO 27001 assessments post-acquisition.
    • SOC 2 and ISO 27001 claims are self-attested prose on the vendor's own trust page ('undergoes independent assessments ... at least once per year') with no downloadable certificate, audit report, report date, SOC 2 Type 1 vs Type 2 designation, or third-party trust portal (e.g. SafeBase/Vanta/Drata) link found anywhere on vue.ai. Treat as vendor-claimed, not independently document-verified.
    • Recommend a manual follow-up fetch before final publication.
    • No explicit AI-training-on-customer-data disclosure was found, despite the platform marketing a 'Self-Learning AI and Active Learning' capability that explicitly adapts to user/customer behavior data. Enterprise buyers in regulated verticals (BFSI, insurance) should get this in writing.
    • Vertical use cases include sensitive financial/insurance document processing (KYC extraction, claims adjudication, loan processing) with no PCI DSS or sector-specific attestation found to cover that scope.

    // At a glance

    Pricing model

    Enterprise sales-led (demo/quote-based); no public self-serve pricing found

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Mad Street Den, Inc. (brand: Vue.ai; acquired by M2P Fintech, Inc. in 2025)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    vue.ai

    > Browse all vendor trust reports