Our success hinges on providing a safe and trustworthy environment for your subscription data. Protecting your data is our obsession, which involves a cross-functional approach with initiatives big and small. Here’s an overview of the major themes of our privacy and security protocols.
Restricted access to databases and data stores
Access to databases and data stores is restricted to three senior executives in the organization. Developers do not have direct data access. The only way our developers can access this data in any human-readable form is through independently designed authentication gateways. The gateway comprises a homegrown querying engine which masks private and personally identifiable information, and throttles and audits all data query operations.
Restricted support personnel access
Our customer support personnel need access to your portal to provide support. Miraki Technologies has taken extreme measures to protect privacy here too. For a Miraki Technologies support person to assist you and access any information, they must be explicitly granted access by you, and they are given a secure one-time random password generated for every such support incident. These temporary credentials can be terminated by the customer within minutes, or will last at most an hour if the customer forgets to terminate them.
No local or on-premise storage of data
Miraki Technologies leverages Microsoft Azure and Amazon AWS cloud infrastructure, each with its own private network. We do not use any other local or on-premise infrastructure to store any customer information on our development or test environments.
GDPR Compliance
Miraki Technologies maintains compliance with the EU’s General Data Protection Regulation and maintains product features, corporate protocols, and legal documents to help our users and customers comply.
In-transit Encryption
Sessions between you and your portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
Web Application and network firewalls
Miraki Technologies monitors potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the Miraki Technologies platform contains Distributed Denial of Service (DDoS) prevention defenses to help protect your site and access to your products.
Software development lifecycle (SDLC) Security
Miraki Technologies implements static code analysis tools and human review processes in order to ensure consistent quality in our software development practices. Our secure coding practices are in accordance with OWASP guidance.
Physical security
Miraki Technologies products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
Patch management
The Miraki Technologies patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.
Security incident response
Miraki Technologies security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.
Vulnerability assessment
Miraki Technologies tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.
Penetration testing
Miraki Technologies leverages third-party penetration testing firms several times a year to test the Miraki Technologies products and product infrastructure.
External audit & certification
Miraki Technologies conducts regular external audits and certification.
99.9% Uptime
Miraki Technologies availability is consistently above 99.9%. Customer data is 100% backed up to multiple online replicas with additional snapshots.
24x7x365 Monitoring
Our product and operations teams monitor application, software, and infrastructure behavior using proprietary and industry-recognized solutions.
Data Center Redundancy
Miraki Technologies maintains multiple failover instances to prevent outages from single points of failure.
Disaster Recovery
Miraki Technologies has robust controls in place to recover data and application code in the shortest time. The Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for data within the same geography are 5 seconds and 1 hour, respectively. We have 45-day point-in-time restoration, which allows us to restore to any desired date and time within the last 45 days. The RPO and RTO for data stored in a different geography, in the unlikely event of a natural disaster, are 12 hours and 1 hour, respectively.