Introducing Mido: an engine for clear decisions. Read More

Security

Security & compliance at Mido.

Security, privacy, compliance, and transparency are core to our platform. We proactively protect customer data through security best practices, robust access controls, and strict adherence to global compliance standards.

Defense in depth

How Mido protects your data.

Mido applies layered security controls across its infrastructure, applications, and data.

Encryption

Data in transit

All data in transit is encrypted with TLS 1.2+ across public and private networks.

Data at rest

All data at rest is encrypted with AES-256.

Key management

Encryption keys are managed by our cloud providers’ key-management services, with rotation and access controls.

Access control

Least-privilege access

Production access is restricted by default and granted on a least-privilege, role-based basis.

Single sign-on & MFA

Every internal system requires single sign-on and enforced multi-factor authentication.

Application & platform security

Vulnerability scanning

Mido uses continuous dependency and vulnerability scanning from leading vendors.

Data isolation

Customer data and environments are isolated from one another.

Data segregation

All customer data is isolated with unique cryptographic IDs to prevent unauthorized access.

Availability & recovery

Automated backups

Customer data is backed up automatically and encrypted at rest.

Disaster recovery

Recovery procedures are tested regularly.

Privacy

No training on your data

Mido does not train AI models on your content.

Ownership & deletion

You retain ownership of the data you submit and can delete it at any time. Mido does not sell your data.

Monitoring & response

Threat monitoring

Mido continuously monitors for abuse, fraud, and unauthorized access.

Incident response

Security events trigger alerts and a defined response process.

Infrastructure

Infrastructure and data residency.

Mido runs on Amazon Web Services, Google Cloud, and Microsoft Azure. Provider and region configuration to meet your data-residency, latency, and compliance requirements is available upon request.

Amazon Web Services

SOC 2 Type II · ISO 27001

Google Cloud

SOC 2 Type II · ISO 27001

Microsoft Azure

SOC 2 Type II · ISO 27001

AWS, Google Cloud, Azure, and other subprocessors are all certified for SOC 2, ISO 27001, and other leading global compliance standards. These data centers provide 24/7 surveillance, biometric access controls, redundancy, and independent third-party audits.

Compliance & privacy

Responsibly aligned.

Mido aligns its practices with the major privacy and data-protection regulations our customers are subject to. The data you provide is handled to those standards.

GDPR

Mido follows the GDPR framework, including data-subject rights, data minimization, lawful processing, and Standard Contractual Clauses for international transfers.

CCPA & CPRA

Mido aligns with CCPA and CPRA, does not sell or share personal data, and supports access, correction, and deletion requests.