Security

Built for teams that take security seriously

Last updated: June 2026

GDPRAlignedSOC 2 Type 2Audit in progressCASA Tier 2Certified

Mio is built for teams that take security seriously. Here’s a short summary of how we handle your data. For the full picture — DPA, SOC 2 report, security questionnaire — write to security@mio.xyz.

What we do

  • Host customer data on Google Cloud in Paris, France (region europe-west9).
  • Encrypt data in transit and at rest.
  • Never use customer data to train AI models.
  • Run a small team with documented access policies, SSO-backed authentication, and audit logs.
  • Delete customer data within 30 days of account termination.

Sub-processors

Google Cloud PlatformApplication and database hosting (region europe-west9, Paris).
AnthropicLLM inference (Claude models). United States.
OpenAIText embeddings for semantic search (text-embedding-3-small). United States.
SlackWorkspace data ingress, Web API egress, and OAuth. United States.
LangfuseLLM observability and tracing.
TavilyWeb search for the researcher subagent.
Temporal CloudWorkflow orchestration (region europe-west3, Frankfurt).
PipedreamIntegration connector for third-party app tools.

A complete sub-processor list, including any added since this page was last updated, is available on request. Optional integrations that you connect to Mio (Google Workspace, GitHub, Notion, Linear, HubSpot, Calendly, Asana, Sentry, Supabase) are third-party services you authorise — they are data sources, not Mio sub-processors.

Frequently asked questions

Vulnerability disclosure

Report security issues to security@mio.xyz. We acknowledge reports within 48 hours and won’t take legal action against good-faith research conducted under standard responsible-disclosure practice.

Get in touch

Security questions, DPAs, SOC 2 report requests, and procurement questionnaires: security@mio.xyz. See also our privacy policy and terms of service.