Enterprise-grade encryption, strict data isolation, and transparent security practices — so you can use Mimir with confidence.
Every piece of user content is encrypted with AES-256-GCM before it reaches the database. Field-level encryption means your project names, sources, themes, recommendations, and chat messages are all individually encrypted — not just the disk they sit on.
Every database query is automatically scoped to your user account. There is no API call, no URL, and no query parameter that can return another user's data. This is enforced at the database layer, not just the application layer.
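One way to get isolation enforced by the database itself rather than only by application code, as an added example (not Mimir's implementation; the table, the `app.user_id` setting, the policy text and the pg-style client are assumptions): PostgreSQL row-level security with the current user supplied per transaction through `set_config`, while the application queries stay parameterized and still carry their own `user_id` filter. The `FakeClient` at the end is a constructed stand-in that records statements and imitates the policy's visible effect so the example runs offline; it does not parse SQL.

```javascript
// Migration the example assumes has been applied once. With the policy below, a query run
// without the setting matches no rows (NULL comparison), so forgetting to set the user
// yields nothing rather than everything. FORCE applies the policy to the table owner too.
const RLS_MIGRATION = `
  ALTER TABLE projects ENABLE ROW LEVEL SECURITY;
  ALTER TABLE projects FORCE ROW LEVEL SECURITY;
  CREATE POLICY projects_owner ON projects
    USING (user_id::text = current_setting('app.user_id', true))
    WITH CHECK (user_id::text = current_setting('app.user_id', true));
`;

// Run fn inside a transaction whose RLS context is the authenticated user. The third
// argument of set_config (is_local = true) scopes the setting to this transaction, so a
// pooled connection cannot carry one request's identity into the next.
async function withUser(client, userId, fn) {
  await client.query('BEGIN');
  try {
    await client.query('SELECT set_config($1, $2, true)', ['app.user_id', userId]);
    const result = await fn(client);
    await client.query('COMMIT');
    return result;
  } catch (err) {
    await client.query('ROLLBACK');
    throw err;
  }
}

// Application-layer scoping: parameterized ($1), never string-built, and filtered by owner.
// The policy is the second layer that still holds if a future query forgets this WHERE.
async function listProjects(client, userId) {
  const { rows } = await client.query(
    'SELECT id, name FROM projects WHERE user_id = $1 ORDER BY created_at DESC',
    [userId]
  );
  return rows;
}

// Constructed in-memory stand-in for a pg client. It logs every statement and only returns
// rows whose owner equals the transaction-local setting, mimicking what the policy does.
class FakeClient {
  constructor(rows) {
    this.rows = rows;
    this.log = [];
    this.user = null; // value of app.user_id for the current transaction
  }
  async query(text, params = []) {
    this.log.push({ text, params });
    if (text.startsWith('SELECT set_config')) {
      this.user = params[1];
      return { rows: [] };
    }
    if (text === 'COMMIT' || text === 'ROLLBACK') {
      this.user = null; // is_local setting disappears with the transaction
      return { rows: [] };
    }
    if (text.startsWith('SELECT id, name FROM projects')) {
      const visible = this.rows.filter((r) => this.user !== null && r.user_id === this.user);
      return {
        rows: visible.filter((r) => r.user_id === params[0]).map(({ id, name }) => ({ id, name })),
      };
    }
    return { rows: [] }; // BEGIN and anything else
  }
}

// Constructed sample data: two users, one project each.
const SAMPLE_ROWS = [
  { id: 1, user_id: 'user-1', name: 'Alpha' },
  { id: 2, user_id: 'user-2', name: 'Beta' },
];
```

Two properties are worth checking in such a setup: that the user id reaches the database only as a bound parameter (it should never appear inside a statement string), and that an error inside `withUser` rolls the transaction back so the setting does not outlive the request.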
Sign in with Google OAuth — we never store passwords. Sessions are database-backed and can be revoked server-side. Every API route checks authentication before returning data.
Hosted on Vercel's SOC 2 certified infrastructure. PostgreSQL database with parameterized queries (no raw SQL, no SQL injection). All traffic encrypted in transit via HTTPS, enforced with HSTS.
Content Security Policy, clickjacking protection (X-Frame-Options DENY), strict transport security, and per-user rate limiting across all API endpoints. Camera, microphone, and geolocation APIs are disabled.
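The route-level controls listed here and in the sign-in paragraph above, combined into one handler wrapper as an added example (not Mimir's code; the header values, the rate limit, the cookie name and the session table are assumptions, and `FakeResponse` is a constructed stand-in so the example runs without an HTTP server). The order inside the wrapper is deliberate: security headers go on every response including errors, authentication is checked before anything else runs, rate limiting is keyed by the authenticated user rather than by IP, and only then does the data handler execute.

```javascript
// Assumed header set; the page names CSP, X-Frame-Options DENY, HSTS, and disabled
// camera/microphone/geolocation. Values are illustrative, not Mimir's actual policy.
const SECURITY_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'",
  'X-Frame-Options': 'DENY', // legacy clickjacking guard alongside frame-ancestors
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
  'X-Content-Type-Options': 'nosniff',
};

// Sliding-window limiter keyed by user id. The Map is an in-process stand-in; across
// several serverless instances the counters would have to live in a shared store.
class UserRateLimiter {
  constructor({ limit, windowMs, now = Date.now }) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now; // injectable clock so behaviour is testable
    this.hits = new Map(); // userId -> timestamps (ms) of recent requests
  }
  check(userId) {
    const t = this.now();
    const recent = (this.hits.get(userId) || []).filter((ts) => t - ts < this.windowMs);
    if (recent.length >= this.limit) {
      return { allowed: false, retryAfterMs: recent[0] + this.windowMs - t };
    }
    recent.push(t);
    this.hits.set(userId, recent);
    return { allowed: true, remaining: this.limit - recent.length };
  }
}

// Constructed minimal response object with the subset of the Node.js API used below.
class FakeResponse {
  constructor() {
    this.statusCode = 200;
    this.headers = {};
    this.body = null;
  }
  setHeader(name, value) { this.headers[name] = String(value); }
  end(body = '') { this.body = body; return this; }
}

// Database-backed sessions (assumed: an in-memory table here). Revoking a session is a
// server-side flag flip; the cookie value becomes useless immediately.
const SESSIONS = new Map([
  ['sess-abc', { userId: 'user-1', revoked: false }],
  ['sess-old', { userId: 'user-1', revoked: true }],
]);
function getSessionFromCookie(req) {
  const cookie = (req.headers && req.headers.cookie) || '';
  const m = /(?:^|;\s*)session=([^;]+)/.exec(cookie);
  const s = m && SESSIONS.get(m[1]);
  return s && !s.revoked ? { userId: s.userId } : null;
}

function protectRoute(handler, { getSession, limiter }) {
  return async (req, res) => {
    for (const [name, value] of Object.entries(SECURITY_HEADERS)) res.setHeader(name, value);
    const session = await getSession(req);
    if (!session) {
      res.statusCode = 401;
      return res.end('unauthenticated');
    }
    const verdict = limiter.check(session.userId);
    if (!verdict.allowed) {
      res.statusCode = 429;
      res.setHeader('Retry-After', Math.ceil(verdict.retryAfterMs / 1000));
      return res.end('rate limited');
    }
    res.setHeader('X-RateLimit-Remaining', verdict.remaining);
    return handler(req, res, session);
  };
}
```

Keying the limiter by user rather than by client address is what makes "per-user rate limiting" meaningful behind a CDN or serverless platform, where many users share egress addresses and one user can rotate them.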
We use Anthropic's Claude API to analyze your data. Anthropic does not train on API inputs. Your data is processed, structured results are encrypted and stored — nothing is shared with third parties for model training.
Mimir implements security controls aligned with SOC 2 principles — encryption at rest, access controls, audit logging, and data isolation. We're working toward formal SOC 2 certification and actively building GDPR-compliant data export and deletion tooling.
Want the full technical details?