
Overview

At mixus, security and privacy are fundamental to everything we build. We understand that when you trust us with your data, conversations, and business processes, we have a responsibility to protect them with the highest standards of security and compliance. Our platform is designed with a security-first approach, implementing multiple layers of protection to ensure your data remains safe, private, and under your control at all times.

How Security Works

Multi-Layer Protection

mixus implements a defense-in-depth security architecture:
  • Infrastructure Security: Enterprise-grade cloud infrastructure with multiple security zones
  • Network Security: Advanced firewalls, DDoS protection, and traffic filtering
  • Application Security: Secure coding practices, regular security assessments, and vulnerability management
  • Data Security: Transport encryption (TLS) and encryption at rest; optional end‑to‑end encryption for enterprise
  • Access Security: Strong authentication, authorization controls, and session management

Real-Time Threat Protection

Our security systems continuously monitor for:
  • Unauthorized access attempts
  • Suspicious user behavior patterns
  • Potential data breaches or intrusions
  • Malicious content and spam
  • Automated bot attacks

Key Security Features

🔐 Strong Authentication

  • Multiple authentication methods including email, social login, and enterprise SSO
  • Advanced session management with automatic timeout
  • Account security monitoring and suspicious activity detection
  • Password security with breach detection and strength requirements

🛡️ Multi-Factor Authentication (MFA)

  • SMS-based verification codes
  • Time-based one-time passwords (TOTP) via authenticator apps
  • Hardware security keys for maximum protection
  • Recovery codes for account access backup
  • Flexible MFA policies for organizations

Note: Organization‑wide MFA enforcement is configured by the mixus team on request (not self‑serve yet).

🏢 Enterprise Single Sign-On (SSO)

  • SAML 2.0 integration with enterprise identity providers
  • OpenID Connect (OIDC) support
  • Seamless integration with popular enterprise systems
  • Advanced user provisioning and deprovisioning
  • Custom domain and branding support

Note: SSO enablement is handled by the mixus team on request (not self‑serve yet).

🔒 Data Protection

  • Encryption at rest for all stored data
  • Transport encryption (TLS 1.2+) for all data in transit
  • Optional end‑to‑end encryption available for enterprise (not enabled by default)
  • Centralized secrets management with automated rotation
  • Geographic data residency options (limited; expanding)

📊 Access Controls

  • Role-based access control (RBAC) for organizations
  • Granular permissions management
  • Principle of least privilege enforcement
  • Regular access reviews and auditing
  • Secure API authentication and authorization

Privacy Protection

Data Minimization

We collect only the data necessary to provide our services:
  • Account information required for authentication
  • Conversation data to enable AI interactions
  • Usage analytics to improve performance and features
  • Technical logs for security and troubleshooting

User Control

You maintain complete control over your data:
  • View: Access all your data through account settings
  • Export: Download your complete data archive
  • Delete: Remove specific data or your entire account
  • Control: Manage sharing settings and privacy preferences

Purpose Limitation

Your data is used only for:
  • Providing and improving mixus services
  • Ensuring security and preventing abuse
  • Complying with legal obligations
  • Communications about your account and services

Compliance & Certifications

Current Status

  • SOC 2 Type I: On track to complete in August 2025
  • SOC 2 Type II: In audit; target October 2025
  • ISO 27001: In audit; target October 2025
  • GDPR: Program in progress; data rights (export/delete) supported

Enterprise Compliance

  • HIPAA: Available for healthcare organizations with Business Associate Agreement
  • SOX: Financial controls for publicly traded companies
  • PCI DSS: Payment card industry security standards (where applicable)

Assessments & Testing

  • Independent penetration test completed June 2025 (passed)
  • Continuous vulnerability management and remediation
  • Ongoing security control effectiveness monitoring

Transparency & Accountability

Security Reporting

  • Regular security bulletins and updates
  • Incident response and breach notification procedures
  • Vulnerability disclosure program
  • Security best practices documentation

Privacy Notices

  • Clear, comprehensive privacy policy
  • Regular privacy impact assessments
  • Data processing agreements for enterprise customers
  • Cookie and tracking technology disclosures

Use Cases

Personal Users

  • Secure Conversations: Private AI interactions with transport encryption and encryption at rest
  • Data Privacy: Complete control over personal information and conversation history
  • Account Security: Multi-factor authentication to prevent unauthorized access

Small Teams

  • Team Privacy: Isolated workspaces with secure sharing controls
  • Access Management: Role-based permissions for team members
  • Compliance: GDPR‑aligned practices with data rights support

Enterprise Organizations

  • Enterprise SSO: Integration with existing identity management systems
  • Advanced Security: Hardware security keys and advanced threat protection
  • Audit & Compliance: Comprehensive logging and compliance reporting
  • Data Governance: Advanced data residency and retention controls

Security Best Practices

For Users

  1. Enable MFA: Add multi-factor authentication to your account
  2. Strong Passwords: Use unique, complex passwords with a password manager
  3. Regular Reviews: Periodically review your account activity and permissions
  4. Secure Devices: Keep your devices updated and use endpoint protection
  5. Privacy Settings: Review and configure your privacy preferences

For Organizations

  1. SSO Integration: Implement enterprise single sign-on for centralized control
  2. Access Policies: Define clear role-based access control policies
  3. Security Training: Educate team members on security best practices
  4. Regular Audits: Conduct periodic security and access reviews
  5. Incident Planning: Develop incident response and business continuity plans

Limitations

Current Limitations

  • Regional data residency options are limited (expanding in 2025)
  • Advanced compliance features require enterprise plans
  • Some MFA methods may not be available in all regions
  • Custom security policies require enterprise configuration

Planned Enhancements

  • Enhanced geo-location controls
  • Advanced threat intelligence integration
  • Additional compliance certifications
  • Expanded MFA options and policies

Troubleshooting

Common Security Issues

Cannot access account after enabling MFA

  • Use recovery codes provided during MFA setup
  • Contact support with account verification information
  • Verify authenticator app time synchronization

Suspicious activity notifications

  • Review recent account activity in security settings
  • Change password immediately if unauthorized access suspected
  • Enable additional security measures like MFA

Enterprise SSO not working

  • Verify SSO configuration with your IT administrator
  • Check identity provider settings and certificates
  • Ensure proper user provisioning and group mappings

Getting Security Help

  • Email: support@mixus.com
  • Emergency security issues: Include “URGENT SECURITY” in subject line
  • Documentation: Comprehensive security guides in knowledge base
  • Community: Security discussions in user forums

Your security and privacy are our top priorities. We continuously invest in the latest security technologies and practices to ensure your data remains protected. If you have any security concerns or questions, our security team is available 24/7 to assist you.