Security
Cubeless™
ModSquad delivers enterprise-grade security for a fully distributed workforce. Our platform, Cubeless, ensures that agents operate within a secure, isolated, identity-managed environment where data never lives on personal devices, access is role-based and revocable, and every action is logged and attributable. Cubeless is SOC 2 Type 2 certified, HIPAA compliant, and PCI-DSS compliant. We also license Cubeless to other companies to secure their own teams.
Remote operations. Centralized control.
Platform controls
| Control | What it enforces |
|---|---|
| Isolated workspace | All work happens inside a secure browser environment. No client data on agent devices. No local file storage. No persistent credentials on personal machines. When a session ends, nothing remains on the endpoint. |
| Identity & access | SSO enforced. Risk-aware MFA required. Role-based permissions scoped to specific client programs. No shared credentials. No standing access beyond what's assigned. Optional continuous biometric authentication. Access provisioned per role, revoked instantly when needed. |
| Data loss prevention | Screenshot and print capture blocked. Copy/paste outside the workspace restricted. Keylogging exposure prevented. Downloads routed to secure storage. Sensitive data masking via DLP rules. Customer data cannot be saved locally. |
| Program isolation | Each client program runs in a separate, permission-controlled environment. No cross-client visibility. No lateral access between programs. Agents only see the systems assigned to their work. |
| Audit & accountability | Centralized logging. User-level access tracking. Session-level attribution. Full visibility into who accessed what and when. |
| Access revocation | Credentials revoked centrally. Sessions terminated. No local data remains. No residual access. No dependency on the agent's device to remove access. |
Compliance
- SOC 2 Type 2 — independently audited controls for security, availability, and confidentiality
- HIPAA — compliant for healthcare data handling
- PCI-DSS — compliant for payment card data
Compliance documentation available upon request under NDA.
Operational discipline
Technology enforces the guardrails. Operations reinforce them.
- Background screening aligned to program requirements
- Identity verification and confidentiality agreements before system access
- Security orientation at onboarding, program-specific data handling training, ongoing refreshers
- Structured offboarding with centralized credential revocation
Access is only granted after required screening and training are complete.
Why "Cubeless"
ModSquad has been fully remote since 2007. The best people in CX don't want to work in call centers — and they shouldn't have to. Cubeless is the platform that makes "work from anywhere" as secure as a locked facility. It's secure enough that we license it to companies securing their own teams, including teams in physical offices.
Read The Cubeless Manifesto for the full story.
Works with your systems
Cubeless integrates with your existing tools — Zendesk, Salesforce, your internal platforms. No migration. Our team works inside your systems through the secure workspace.