Mira Security Policy

1. Infrastructure Security

Mira is designed and built on highly resilient, enterprise-grade cloud systems.

Our primary application infrastructure, storage systems, and databases are hosted securely via Supabase, which operates on top-tier cloud architecture (Amazon Web Services). Supabase infrastructure operates within secure physical data centers that are compliant with ISO 27001, SOC 2 Type II, and PCI-DSS.

Physical access to these data centers is strictly restricted and monitored by specialized security teams, employing biometric scanners, 24/7 camera surveillance, and physical barriers.

2. Data Encryption Standards

We enforce industry-standard cryptographic protocols to ensure your data remains secure during transmission and while stored on our platforms:

  • Data in Transit: All communication between your web browser and the Mira application is encrypted using HTTPS over TLS 1.3, protecting your information from interception.
  • Data at Rest: All workspace details, databases, and configuration parameters are encrypted at rest using highly secure AES-256 encryption standards. Backup files and system logs are similarly protected using standard encryption workflows.

3. Database & Access Control

Your workspace information is strongly isolated. We enforce rigorous database permission models to prevent unauthorized access:

  • Row-Level Security (RLS): We configure our PostgreSQL database with strict Row-Level Security rules. This means every individual query is checked and isolated at the database level, ensuring that users can only read, write, or modify records belonging strictly to their own authenticated account.
  • Authentication Security: Primary user logins are managed securely via Supabase Authentication. Passwords are encrypted and hashed before database storage, ensuring we never hold raw passwords.
  • Session Protection: Access tokens use standard, secure JSON Web Tokens (JWT) with short expiration periods to prevent unauthorized session hijacking.

4. Secure Billing & PCI Compliance

Mira prioritizes financial security. We partner exclusively with Stripe to manage subscriptions and handle card payments securely.

Stripe is certified as a PCI-DSS Level 1 Service Provider (the most rigorous security standard in the payment industry). All billing inputs are submitted directly to Stripe via secure, encrypted elements. Mira never stores, processes, or holds raw credit card numbers or financial account details on our servers.

5. Automated Tools Integrity

Mira utilizes background tools to help automate task reviews and track workloads. When utilizing our background assistant, Aide, we maintain a strict data privacy framework:

Enterprise AI Privacy Promise

We promise that Mira will never utilize, share, or store your task descriptions, team work logs, calendar entries, or personal schedules to train third-party artificial intelligence models, machine learning algorithms, or large language models. Your business operations and details remain strictly private to your isolated workspace.

6. Vulnerability & Incident Reporting

We appreciate the invaluable contributions of security researchers and users in identifying and resolving software vulnerabilities.

If you discover a potential security bug or vulnerability within the Service, we invite you to report it to us responsibly. We will review all reports and address verified vulnerabilities as quickly as possible.

You can submit a secure vulnerability report directly through our live contact portal: Contact Page.

Last updated: May 18, 2026.