Security
Built for teams that take security seriously
Last updated: June 2026
Mio is built for teams that take security seriously. Here’s a short summary of how we handle your data. For the full picture — DPA, SOC 2 report, security questionnaire — write to security@mio.xyz.
What we do
- Host customer data on Google Cloud in Paris, France (region europe-west9).
- Encrypt data in transit and at rest.
- Never use customer data to train AI models.
- Run a small team with documented access policies, SSO-backed authentication, and audit logs.
- Delete customer data within 30 days of account termination.
Sub-processors
A complete sub-processor list, including any added since this page was last updated, is available on request. Optional integrations that you connect to Mio (Google Workspace, GitHub, Notion, Linear, HubSpot, Calendly, Asana, Sentry, Supabase) are third-party services you authorise — they are data sources, not Mio sub-processors.
Frequently asked questions
Vulnerability disclosure
Report security issues to security@mio.xyz. We acknowledge reports within 48 hours and won’t take legal action against good-faith research conducted under standard responsible-disclosure practice.
Get in touch
Security questions, DPAs, SOC 2 report requests, and procurement questionnaires: security@mio.xyz. See also our privacy policy and terms of service.