Security
Last updated: 31 March 2026
Security is foundational to how Mimiq is built and operated. Your knowledge is sensitive, and we treat it that way.
Encryption
All data is encrypted at three layers:
- In transit — all connections use TLS 1.2+ encryption. No data travels unencrypted between your browser and our servers, or between our internal services.
- At rest — all stored data is encrypted using AES-256 encryption provided by our infrastructure providers (Google Cloud Platform, MongoDB Atlas).
- At application level — sensitive credentials (integration API keys, OAuth tokens) are additionally encrypted with a separate key before storage.
Data isolation
Your data is private to your account. No other user can access your topics, knowledge, messages, or linked documents unless you explicitly share access.
Infrastructure
- Hosting — Mimiq runs on Google Cloud Platform (Cloud Run) with automatic scaling and process-level isolation.
- Database — MongoDB Atlas with encrypted storage, automated backups, and network-level access controls.
- Region — Data is stored and processed in the United States. Regional options will be available in the future.
Authentication
- Mimiq uses passwordless authentication — login codes are sent to your email and verified via constant-time comparison of SHA-256 hashes. No passwords are stored.
- Ephemeral (unregistered) accounts are created without an email and automatically deleted after 7 days.
- Authentication sessions use signed JWT tokens that are time-limited and automatically expire.
- Internal service communication is authenticated separately and never uses user credentials.
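The login-code check described in the first item above, as an added example (not Mimiq's own code): the server keeps only the SHA-256 hash of the emailed code and compares it in constant time. The 6-digit format, 10-minute expiry, attempt limit, single-use rule and all names are assumptions that go beyond what this page states.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumption: codes expire after 10 minutes
MAX_ATTEMPTS = 5         # assumption: guesses allowed before the code is voided


def code_digest(code: str) -> bytes:
    """SHA-256 of the login code; this is the only form that gets stored."""
    return hashlib.sha256(code.encode("utf-8")).digest()


class LoginCodeStore:
    """In-memory stand-in for the server-side table of pending login codes."""

    def __init__(self, clock=time.time):
        self._pending = {}   # email -> [code_hash, expires_at, attempts_left]
        self._clock = clock

    def issue(self, email: str) -> str:
        """Create a 6-digit code, store its hash, return the code to be emailed."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = [code_digest(code),
                                self._clock() + CODE_TTL_SECONDS,
                                MAX_ATTEMPTS]
        return code

    def verify(self, email: str, submitted: str) -> bool:
        entry = self._pending.get(email)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]          # expired or guessed too often
            return False
        entry[2] = attempts_left - 1
        # compare_digest's run time does not depend on where the digests differ,
        # so response timing reveals nothing about the stored hash.
        if hmac.compare_digest(code_hash, code_digest(submitted)):
            del self._pending[email]          # single use
            return True
        return False
```

A short numeric code has a small keyspace, so the attempt limit and expiry matter as much as the hashing: a leaked hash of a 6-digit code can be brute-forced offline in under a second.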
AI and your data
Mimiq uses AI (Anthropic Claude) to process your knowledge. Here's how we handle this:
- No training on your data — your content is never used to train AI models. Anthropic's commercial API terms explicitly prohibit this.
- Processing only — AI processes your text to extract, organise, and update knowledge. Data handling during processing is governed by Anthropic's data processing terms.
- Limited sharing — your data is shared only with providers listed in our Privacy Policy (Anthropic, infrastructure providers, and integration services you connect). We do not sell or share your data for any other purpose.
Third-party integrations
All integration credentials are encrypted at the application level before storage. Credentials can be deleted at any time from your settings.
- Confluence — Mimiq accesses only the pages you explicitly link.
- Slack — Mimiq only has access to messages sent to it directly or that mention it.
Internal access
Mimiq staff may access your data only when necessary to:
- Resolve a technical issue you've reported
- Investigate a security incident
- Comply with a legal obligation
Access is logged, limited to the minimum needed, and never used for purposes other than those listed above. We do not browse, review, or analyse your content for any other reason.
Data retention
- Your data is stored for as long as your account is active. Ephemeral accounts are automatically deleted after 7 days.
- When you delete a topic, all associated data (knowledge, versions, notes, messages, linked documents) is permanently removed.
- You can delete individual knowledge versions from the version history. Deletion is permanent and immediate.
- Account deletion removes all your data. Contact us at support@iammimiq.io to request account deletion.
Incident response
In the event of a security incident affecting your data, we will notify affected users within 72 hours with details of what happened, what data was involved, and what steps we're taking.
Questions
If you have questions about our security practices, contact us at support@iammimiq.io.