Mio security white paper
Mio is making
Security by design
It is our philosophy that security should be incorporated into our product design from day one. All projects we undertake are subject to a risk assessment to ensure we don’t compromise our underlying security policies.
We educate our team to understand the importance of keeping your user data secure. This includes industry-standard authentication and authorization methods and maintaining the privacy of the personal information you transmit over our network.
Protecting your data
Classifying and prioritizing data
We classify and prioritize data to ensure we can provide the highest tier of security to your online messaging transactions. If we can avoid
Data encryption in transit and at rest
All data that is transmitted via Mio systems uses the TLS 1.2 protocol.
We will never knowingly store an end users plain text password or similar sensitive credentials on our system. Whenever possible we require users to use our platform partners authentication systems and as a
For customers relying on our dedicated managed hosting, Mio isolates each tenant within its own personal private network and provide a set of dedicated and isolated services for maximum privacy, security
Our servers and systems are actively monitored and are regularly updated with the latest security updates as needed. Any errors or omissions found in our own applications are proactively patched and retested at the earliest opportunity. All new servers are hardened before deployment to minimize accidental exposure to potentially insecure default services or credentials. Mio periodically invites external auditors to test and report on our system in its entirety and any feedback is prioritized and acted upon accordingly.
All application software built and deployed by Mio is subject to version control as part of our secure software development lifecycle. Prior to each production release software is extensively tested and versioned before being made available to the public.
System monitoring and logging
To continuously improve its level of service, Mio may log and inspect traffic passing over its systems. Administrative access by senior members of the team is required to access this information. Log retention is typically for 72 hours and is automatically destroyed after this timeframe.
Mio has its own internal guidelines towards data privacy and security to help ensure it meets its legal, ethical and socially responsible obligations. Additionally, Mio commissions dedicated legal professionals when needed to help meet legal and regulatory requirements.
By default, Mio tries to minimize personal data retention and typically only stores highly anonymized or obfuscated data on its systems. If Mio receives requests from users or government agencies to disclose or delete data outside of its regular day to day operations, we will meet all legal obligations deemed necessary by our legal counsel.
For more information on the Mio and to keep up to date with the latest messaging trends, visit our blog.