Security Practices

At Mimrr, we prioritize the security of customer data and are committed to protecting it. If you have any additional questions regarding our security practices, please reach out to us at security@mimrr.com, and we will respond promptly. This page outlines the administrative, technical, and physical controls we have in place to secure Mimrr.

Hosting and Architecture

Mimrr is available as either a cloud-based service or an on-premises ("bring-your-own-cloud") solution.

Cloud-based (Hosted) Services

The infrastructure for Mimrr is provided and hosted by Microsoft Azure. Detailed information about Azure's security practices can be found on the Auzre Security website. Information on security and privacy-related audits and certifications received by Azure, including SOC reports, is available on the Azure Compliance website.

On-premises (Self-hosted) Services

For self-hosted Mimrr services, Custom Apps are hosted using your own infrastructure - such as on-premises - enabling you and your users to build, run, and use Mimrr within your virtual private cloud (VPC) or behind your virtual private network (VPN).

Storage of Customer Code

Mimrr stores the plain text for documentation and file paths, as well as the vector embeddings. Code is cloned into transient container from the customer's code hosting service, such as GitHub, and the transient container is disposed when the Mimrr has finished processing or if an error occurs. If the customer opts for the on-premises solution, their code remains entirely within their servers or provisioned cloud.

Mimrr also stores a refresh token encrypted securely at rest for access to the customers code hosting service which can be revoked by the user at any time via Mimrr or their code hosting provider

Confidentiality and Security Controls

Confidentiality

Mimrr enforces strict controls over its employees' access to Customer Data. Only specific employees may need access to systems that store or process this information to operate Mimrr services effectively. For instance, to diagnose a customer's issue with Mimrr services, we may need to access their account. These employees are prohibited from viewing Customer Data unless necessary. We have technical controls and audit policies in place to ensure that any access to customer accounts is logged.

All our employees and contract personnel are bound by our confidentiality policies, which we regard with utmost importance.

Return and Deletion of Customer Data

Within 30 days post-contract termination, customers may request the return of Customer Data stored by Mimrr (to the extent such data has not already been deleted by the customer).

Mimrr provides administrators with the option to delete all Customer Data stored by Mimrr at any time during a subscription term. Within 24 hours of administrator-initiated deletion, Mimrr permanently deletes all Customer Data from active production systems. Mimrr-maintained backups of services and data are typically destroyed within 30 days (with exceptions during ongoing investigations of incidents).

Monitoring and Validation

Certificates

Mimrr is in the process of becoming SOC2 Type II compliant. Once obtained, customers may request a copy of Mimrr's SOC2 Type II report by contacting security@mimrr.com.

Audits

To ensure our security practices are robust and to monitor the Mimrr services for new vulnerabilities, the Mimrr services undergo security assessments by internal personnel and respected external security firms who perform regular audits. In addition to periodic and targeted audits, we employ continuous hybrid automated scanning of our web platform. Customers may request available external audit reports by contacting security@mimrr.com.

Personnel

Mimrr conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding and on an ongoing basis. All employees are required to read and sign our comprehensive information security policy, covering the security, availability, and confidentiality of the Mimrr services.