Security
Last updated: 31 March 2026
Security is foundational to how Mimiq is built and operated. Your knowledge is sensitive, and we treat it that way.
Encryption
All data is encrypted at three layers:
- In transit — all connections use TLS 1.2+ encryption. No data travels unencrypted between your browser and our servers, or between our internal services.
- At rest — all stored data is encrypted with AES-256 by our infrastructure providers (Google Cloud Platform, MongoDB Atlas).
- Application-level — sensitive data (messages, knowledge, changelogs) is encrypted with a separate application key before being written to the database. Even with direct database access, this data cannot be read without the application key.
Infrastructure
- Hosting — Mimiq runs on Google Cloud Platform (Cloud Run) with automatic scaling and isolation between customers.
- Database — MongoDB Atlas with encrypted storage, automated backups, and network-level access controls.
- Region — Data is stored and processed in the United States. Regional options will be available in the future.
Authentication
- Passwords are hashed using industry-standard one-way hashing. We never store or have access to your plain-text password.
- Authentication sessions are time-limited and automatically expire.
- Internal service communication is authenticated separately and never uses user credentials.
AI and your data
Mimiq uses AI (Anthropic Claude) to process your knowledge. Here's how we handle this:
- No training on your data — your content is never used to train AI models. Anthropic's commercial API terms explicitly prohibit this.
- Processing only — AI processes your text to extract, organise, and update knowledge. The AI does not retain your data between requests.
- No third-party sharing — your data is sent only to the AI provider (Anthropic) for processing, under their enterprise data processing terms. It is not shared with any other third party.
Third-party integrations
- Confluence — when you connect Confluence, your API credentials are stored encrypted. Mimiq accesses only the pages you explicitly link. Credentials can be deleted at any time from your settings.
Internal access
Mimiq staff may access your data only when necessary to:
- Resolve a technical issue you've reported
- Investigate a security incident
- Comply with a legal obligation
Access is logged, limited to the minimum needed, and never used for purposes other than those listed above. We do not browse, review, or analyse your content for any other reason.
Data retention
- Your data is stored for as long as your account is active.
- When you delete a topic, all associated data (knowledge, versions, statements, messages, linked documents) is permanently removed.
- You can delete individual knowledge versions if they contain sensitive information that shouldn't be retained. Deletion is permanent and immediate.
- Account deletion removes all your data. Contact us at hello@iammimiq.io to request account deletion.
Incident response
In the event of a security incident affecting your data, we will notify affected users within 72 hours with details of what happened, what data was involved, and what steps we're taking.
Questions
If you have questions about our security practices, contact us at hello@iammimiq.io.