Security and Data Privacy in MuleSoft IDP
9/12/2025
MuleSoft places a strong emphasis on protecting the data handled within its ecosystem. MuleSoft Intelligent Document Processing is built with a layered security model designed to safeguard sensitive customer information at every stage.
Our philosophy is simple: reduce exposure to your data wherever possible and provide a controlled, secure environment for processing confidential documents. This is backed by industry-standard best practices, routine internal audits, and strict enforcement of policies governing operations, credentials, password management, and secure connectivity.
To maintain high trust and compliance, MuleSoft continuously aligns with recognized frameworks such as SOC 2, PCI Level-1, and HiTrust validated through ongoing assessments and reviews.
Behind the Walls: Security & Scalability in MuleSoft IDP
MuleSoft IDP runs on the cloud backbone of Anypoint Platform, designed to handle enterprise workloads while keeping customer data protected. The platform uses a shared, multi-tenant setup across several global regions, and includes built-in security practices such as:
Minimal access privileges so users only get the permissions required for their tasks
Role-based permission control to manage access cleanly and consistently
End-to-end data protection, including encryption and prevention of sensitive data storage
Regional runtime support to help organizations meet local data-residency policies
IDP is deployed on Amazon EKS, spread across three availability zones for high availability and automatic scaling. All communication between services is encrypted with SSL/TLS, ensuring no internal traffic is exposed.
To keep tenants fully isolated, API calls must include a tenant identifier, which is validated through Access Management. Sensitive information is encrypted using Customer Managed Keys (CMK) backed by AWS KMS, giving each tenant strong isolation and control over their encrypted data.
Below is the infrastructure diagram that outlines how MuleSoft IDP is architected:
Data Protection and Encryption Built for Enterprise Security
MuleSoft IDP relies on AWS services including RDS, Redis, S3, and Textract to securely process documents using proven, enterprise-grade encryption mechanisms. All information handled by IDP is protected both in transit and at rest through AWS’s built-in encryption capabilities. Document files stored in S3 and metadata persisted in RDS are encrypted using Customer Managed Keys (CMK) and AWS Key Management Service (KMS) keys administered by MuleSoft. These keys follow strict access policies and automatic rotation to maintain strong security posture.
Your responsibility in maintaining data security extends beyond the core IDP service. MuleSoft recommends following HIPAA-aligned encryption best practices by storing sensitive credentials and configurations securely. Use Anypoint Secrets Manager for service-specific credentials, Secure Configuration Properties for CloudHub deployments, and the Credentials Store for RPA to ensure authentication tokens and passwords remain encrypted across your automation workflows.
When working with documents that contain confidential information, ensure that only approved team members can review them during Human-in-the-Loop (HITL) steps. Access Management allows you to define and control who can handle document review tasks, reinforcing compliance and minimizing risk. MuleSoft IDP is currently supported in two AWS regions: US (us-east-1) and EMEA (eu-central-1).
Our Data Retention Approach
MuleSoft IDP follows strict data retention rules to ensure that documents and extracted information are stored only for the minimum time required.
• Document Action Editor
Files uploaded while configuring a Document Action are used solely for testing inside the editor. These files are removed immediately after processing, and any extracted data from that session is automatically cleared within 24 hours.
• Document Action Executions
When documents are processed using the execution API, both the file and extracted data are temporarily stored in a secure S3 location.
For successful executions, all files and extracted information are automatically purged after seven days. This duration is fixed and cannot be modified.
For executions that trigger a human review, the file and data remain available until seven days after the review is completed. Review tasks must be finished within 60 days; otherwise, the task, along with all associated data and files, is deleted automatically once that window closes. This retention period is also non-configurable.
Audit Logging, Backups, and Resilience Planning
MuleSoft IDP maintains a strong operational safety net through continuous auditing, routine backups, and a mature disaster-recovery strategy.
• Comprehensive Audit Trail
Every action performed within IDP is captured through CloudTrail logging. In addition, all API access logs are streamed into MuleSoft’s internal monitoring systems, enabling real-time visibility and security oversight across the platform.
• Twice-Daily Backups
Extracted data and stored metadata are backed up two times each day to ensure recoverability in the event of unexpected failures. While uploaded document files are not currently included in backup cycles, any processing issues can be resolved simply by re-running the IDP operation with the original file.
• Disaster Recovery Readiness
Our recovery process is designed to minimize downtime. In the event of a disruption:
RDS data is restored from snapshots, and
Stateless backend services running on Kubernetes are redeployed quickly and efficiently.
This approach ensures continuity of service with minimal impact on your workflows.
MuleSoft IDP is engineered to deliver a secure, stable, and trustworthy document automation experience. Through stringent security controls, strong compliance practices, and resilient infrastructure, we ensure your data is protected every step of the way.
AI Data Handling and Model Safety
MuleSoft IDP incorporates AWS Textract as one of its OCR engines, which operates on AWS’s proprietary machine learning models. Importantly, none of your documents or extracted data are ever used to train, refine, or personalize these AWS models. This aligns with AWS’s AI Services opt-out policies, ensuring your data remains strictly yours.
To support its intelligent features, IDP also leverages the Salesforce Einstein LLM Gateway. The gateway is protected by the Einstein Trust Layer, which enforces strict data boundaries your information never leaves Salesforce’s secure environment and is not shared with, or used to train, external AI providers such as OpenAI.
Einstein LLM Integration
MuleSoft's Anypoint Platform gained the ability to connect directly with Salesforce organizations. This integration enables Anypoint Platform users to interact with their corresponding Einstein instance, giving them access to the security controls built into the Einstein Trust Layer within IDP.
MuleSoft IDP integrates with Salesforce's LLM gateway (Einstein GPT) through the Salesforce API Platform. While IDP's infrastructure operates within the MuleSoft Anypoint security context, Einstein remains managed within the Salesforce security context. This separation ensures that each layer maintains its own security boundaries while enabling powerful AI capabilities. You can see MuleSoft IDP's Einstein integration in action through MuleSoft's official demonstration videos.
Conclusion
Security and data privacy are not afterthoughts in MuleSoft Intelligent Document Processing—they are fundamental to its design. From multi-layered encryption and tenant isolation to strict data retention policies and comprehensive audit trails, every component is built to protect your sensitive information.
By leveraging enterprise-grade AWS infrastructure, adhering to rigorous compliance frameworks, and integrating with Salesforce's Einstein Trust Layer, MuleSoft IDP provides the security posture that modern organizations require. Whether processing healthcare records, financial documents, or confidential contracts, you can trust that your data remains protected, private, and under your control.
As document automation becomes increasingly critical to business operations, MuleSoft IDP ensures that security keeps pace with innovation—delivering intelligent processing capabilities without compromising the trust your customers place in you.
References and Further Reading
Security and Data Privacy in MuleSoft Intelligent Document Processing
MuleSoft Anypoint Platform Trust Center
Intelligent Document Processing (IDP) Solution