It’s all in the cloud
Like many Fortune 500 companies, startups, and governments, we use Google Cloud Platform.
Because we can rely on their industry-leading privacy policies, compliance programs, and security measures, they’re our vetted provider in the cloud ecosystem.
How we keep your data safe and secure
No unauthorized access to your data
Your safety is always on our minds. That’s why we take several organizational and technical measures to protect your data.
Here are a few of them:
- Virtual access control: From user identification and authentication procedures to password safety procedures or automatic bans, we have them all in place for you at Mirro.
- Physical access control: As you might expect, we protect our office space with security personnel and surveillance systems. Our teams use card keys for doors and have restricted access throughout the building. Also, our equipment security standards are high.
- Comms control systems: Our internal communication flows are encrypted and routed through secure VPN tunnels. Because of this, they can’t be intercepted or accessed by malicious third-parties.
Our access to your data is not a given
At Mirro, you have full ownership of your data. Our guarantee is that we’re keeping it safe for you, stored in Western Europe using the Google Cloud Platform infrastructure.
Few people inside Mirro can access your data, which is limited to fulfilling contractual obligations in a secure manner. For example, our Customer Support team can do so, but only to reply to your inquiries. And if you ever need some debugging, our Tech Support team operates with full action traceability.
To make things extra safe, anyone at Mirro with data access privileges undergoes a background check and has a confidentiality agreement in place.
Back-ups are the norm
Google Cloud Platform powers our back-ups on a schedule:
- Full back-ups: weekly
- Differential back-ups: twice daily
- Action logs: every 5 minutes
We’re happy to report all of them are protected by AES 256-bit encryption.
It’s all HTTPS
Whenever you connect to Mirro, your data is secure. One of the reasons for this is that we use an HTTPS connection. If you want to get technical, we support TLS version 1.2 and 1.3.
But it’s not just that. We limit the duration of Mirro sessions for admin accounts to one hour, and our account access tokens are not transferable.
Strong passwords are mandatory
We take good care of your Mirro password. Keeping it in clear text is an absolute no-no for us, so we hash and salt it. Because we use bcrypt, it’s resistant to brute-force search attacks.
We also have strict requirements in place for the length and complexity of passwords. And since we monitor our platform at all times, accounts are automatically deactivated if the wrong password has been inserted one too many times.
We meet rigorous requirements
Our backbone, Google Cloud Platform is leading the industry with over 90 compliance offerings.
Mirro is GDPR-compliant. We meet European regulations, as no data is transferred outside the European Union.
Our people also go through regular GDPR training, so our collection and use of information are on point.
We put our system through the wringer
To make sure we’re always at the top of our game, Mirro undergoes regular internal security tests, automated testing batches, and penetration tests.
Our automation ensures that our platform and the services we offer are always up to date.
Mirro is designed to have high availability. In the unlikely case of something going wrong, we’ll let you know.
Our production and testing environments are separated. That’s to make sure no mishaps find their way to you.