Security & data.
The technical reference for how Mijoro handles your data. For procurement reviews, security questionnaires, and anyone asking "where exactly does this live?"
Encryption
Data is encrypted in transit (TLS 1.3+ for every connection — API, web, integrations), at rest (database-level encryption on every storage layer), and at sleep (encrypted backups). Integration tokens are stored with AES-256-GCM symmetric encryption; the platform stores refresh tokens, not raw credentials. Session tokens are stored only as SHA-256 hashes server-side — the raw token never persists.
Authentication
Argon2id password hashing. No third-party identity provider. Opaque session tokens delivered via HTTP-only cookies with the Secure flag set in production. Session reset on password change rotates every active session globally — useful for incident response. Two-factor authentication is on the near-term roadmap.
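The session handling described under Encryption and Authentication (opaque tokens, only a SHA-256 digest kept server-side, every session revoked on password change), sketched as an added example; this is not Mijoro's code. The `SessionStore` class, the in-memory dict standing in for a sessions table, and the `session` cookie name are assumptions made for illustration.

```python
import hashlib
import secrets


class SessionStore:
    """In-memory stand-in for a sessions table keyed by SHA-256(token)."""

    def __init__(self):
        self._by_digest = {}  # hex digest -> user_id; the raw token is never stored

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str) -> str:
        # 32 bytes from the CSPRNG. The token's high entropy is what makes a
        # fast, unsalted hash acceptable here, unlike for passwords.
        token = secrets.token_urlsafe(32)
        self._by_digest[self._digest(token)] = user_id
        return token  # leaves the server only inside the Set-Cookie header

    def lookup(self, token: str):
        # Hash the presented value and look up the digest; a digest copied out
        # of the table fails because it gets hashed again.
        return self._by_digest.get(self._digest(token))

    def revoke_all(self, user_id: str) -> int:
        doomed = [d for d, u in self._by_digest.items() if u == user_id]
        for d in doomed:
            del self._by_digest[d]
        return len(doomed)

    def rotate_on_password_change(self, user_id: str) -> str:
        # Invalidate every session for the user, then issue one fresh token
        # for the browser that performed the change.
        self.revoke_all(user_id)
        return self.issue(user_id)


def session_cookie(token: str, production: bool) -> str:
    # HttpOnly always; Secure only in production, as the page states.
    attrs = ["session=" + token, "Path=/", "HttpOnly"]
    if production:
        attrs.append("Secure")
    return "; ".join(attrs)
```
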
Data isolation
Logical per-tenant isolation enforced at the application layer. Every database query is scoped by user_id at the route handler level. No shared queryspace. No cross-customer data leakage paths. Public derivatives of competitor and counterparty research (only non-PII content) are intentionally shared across the platform to improve quality for everyone — but your private data never crosses the boundary.
Training data
Your files, your interview answers, your integration data — none of it is used to train AI models. Mijoro's intelligence layer is patent-pending architecture built on the frontier of language model capabilities, with strict no-training-on-customer-data agreements with every model provider. Your context is used to write your reports. That's the entire contract.
Provenance & audit trail
Every artifact ships with a cryptographic hash signature derived from a Merkle tree over its inputs. Verifiable later — at the legal level if you need it — that the document you signed off on hasn't been edited since. Every claim in every artifact can be traced back through the platform to the file, conversation, or data point that produced it.
Retention
Active account data is retained as long as your subscription is active. On cancellation, data is retained for 90 days for export — after which it's deleted on a schedule we can confirm in writing. Info-severity signals older than 180 days are auto-purged. Decayed strategic graph edges older than their decay half-life are auto-purged. Backups are retained for 30 days post-deletion before secure overwrite.
The factory reset
One button in your account settings, gated by the typed confirmation phrase DELETE EVERYTHING. Wipes every run, every dossier, every uploaded file, every conversation, every artifact, every integration token. Account identity row stays so you can re-onboard if you want; everything else is gone. The cascade includes backups.
Compliance
Architecture mapped to SOC 2 Type II controls; certification process is in progress with an active audit window. GDPR-ready data handling postures: right to access, right to delete, data portability, lawful basis documentation. Per-region data residency available for Enterprise and Boardroom tiers on request.
Security contact
Vendor security questionnaires, DPA reviews, incident reports, vulnerability disclosures, anything else: security@mijoro.com. We respond within one business day.