Security
How MIR protects your data and platform integrity
Last updated: December 2025
MIR is designed as privacy-first, abuse-resistant reputation infrastructure. Security is foundational to the platform—not an add-on.
Data Protection
- All data encrypted in transit (TLS/HTTPS only) and at rest (disk-level encryption)
- Credentials and API keys are cryptographically hashed, never stored in plaintext
- We store only the minimum data required for continuity signals
- MIR does not label or rank users — history tiers reflect activity volume, not trustworthiness
Personally Identifiable Information
MIR stores exactly one piece of PII: an email address. This is a deliberate architectural constraint, not a policy preference. No names, profile data, or identity attributes are stored. Participation history is recorded independently of identity and cannot be reverse-engineered into platform activity or personal behavior.
Authentication
- Passwordless authentication with short-lived, single-use login links
- Secure, HTTP-only cookies with same-site enforcement
- Automatic session expiration and rotation
- Nonce-bound login links prevent cross-browser session hijacking
Infrastructure
- Hosted on isolated VPC networking with private databases
- Inbound access restricted via firewall allowlists
- Rate limiting and connection caps prevent abuse
- Production, staging, and development environments fully isolated
Partner API Security
- Partner integrations authenticate via hashed API keys over TLS
- Credentials scoped to specific organizations with tier-based access controls
- Rate-limited and quota-controlled access
- Credentials revocable at any time
Transparency & Auditability
All partner queries are logged and auditable. Users can view which platforms queried their MIR history and when. We believe security should come with transparency, not opacity.
Incident Preparedness
- Partner credentials can be rotated or revoked immediately
- Per-endpoint rate limits with tier-based thresholds
- Structured audit logging of all API access and authentication events
- Automated backups and recovery procedures in place
Questions about security?
We're happy to discuss our security practices in more detail.