Security
Security & compliance at Mido.
Security, privacy, compliance, and transparency are core to our platform. We proactively protect customer data through security best practices, robust access controls, and strict adherence to global compliance standards.
Defense in depth
How Mido protects your data.
Mido applies layered security controls across its infrastructure, applications, and data.
Encryption
Data in transit
All data in transit is encrypted with TLS 1.2+ across public and private networks.
Data at rest
All data at rest is encrypted with AES-256.
Key management
Encryption keys are managed by our cloud providers’ key-management services, with rotation and access controls.
Access control
Least-privilege access
Production access is restricted by default and granted on a least-privilege, role-based basis.
Single sign-on & MFA
Every internal system requires single sign-on and enforced multi-factor authentication.
Application & platform security
Vulnerability scanning
Mido uses continuous dependency and vulnerability scanning from leading vendors.
Data isolation
Customer data and environments are isolated from one another.
Data segregation
All customer data is isolated with unique cryptographic IDs to prevent unauthorized access.
Availability & recovery
Automated backups
Customer data is backed up automatically and encrypted at rest.
Disaster recovery
Recovery procedures are tested regularly.
Privacy
No training on your data
Mido does not train AI models on your content.
Ownership & deletion
You retain ownership of the data you submit and can delete it at any time. Mido does not sell your data.
Monitoring & response
Threat monitoring
Mido continuously monitors for abuse, fraud, and unauthorized access.
Incident response
Security events trigger alerts and a defined response process.
Infrastructure
Infrastructure and data residency.
Mido runs on Amazon Web Services, Google Cloud, and Microsoft Azure. Provider and region configuration to meet your data-residency, latency, and compliance requirements is available upon request.
Amazon Web Services
SOC 2 Type II · ISO 27001
Google Cloud
SOC 2 Type II · ISO 27001
Microsoft Azure
SOC 2 Type II · ISO 27001
AWS, Google Cloud, Azure, and other subprocessors are all certified for SOC 2, ISO 27001, and other leading global compliance standards. These data centers provide 24/7 surveillance, biometric access controls, redundancy, and independent third-party audits.
Compliance & privacy
Responsibly aligned.
Mido aligns its practices with the major privacy and data-protection regulations our customers are subject to. The data you provide is handled to those standards.
GDPR
Mido follows the GDPR framework, including data-subject rights, data minimization, lawful processing, and Standard Contractual Clauses for international transfers.
CCPA & CPRA
Mido aligns with CCPA and CPRA, does not sell or share personal data, and supports access, correction, and deletion requests.