You're handing Mijoro the most sensitive material your company produces — your board decks, your financials, your strategy, your unfair advantages. Below is exactly what we do with it, exactly what we don't, and exactly how we prove it. No vague promises. No "industry-standard" hand-waving.
Every file you upload arrives over TLS 1.3 and is encrypted at rest with AES-256 the moment it lands. The plaintext exists for the milliseconds the platform needs to extract content.
Mijoro reads, embeds, and writes against a per-tenant logical partition. No shared keyspace. No cross-customer index. No tenant ever queries data they don't own.
Postgres in the region you choose, behind a private network. Daily encrypted backups. Point-in-time recovery. No data ever leaves your region without your explicit consent.
Reports leave the platform signed (Merkle-tree audit trail), encrypted in transit, and delivered to recipients you specify. Share links are token-protected, expire by default, and revocable in one click.
Factory reset wipes every file, every derived artifact, every backup row, every embedding. The account skeleton stays. Everything we ever produced for you is gone within fifteen minutes.
Every file, every conversation, every artifact lives in an encrypted database in a region you control. At rest, in transit, and at sleep — encryption is non-optional. Per-tenant logical isolation; no shared keyspace; no cross-customer leakage paths.
Your files, your numbers, your interview answers — none of it is used to train AI models. Your strategic context is yours. It's used to write your reports. That's the entire contract.
Every sentence Mijoro writes can be traced back to the file, the conversation, or the data point that produced it. Click any claim and the platform shows you exactly where it came from. Nothing fabricated. Nothing unverifiable.
Every report Mijoro produces ships with a cryptographic hash. You can verify later — at any time — that the report you signed off on hasn't been edited since. The audit trail is a Merkle tree over every stage of every artifact.
Argon2id-hashed passwords. Session tokens stored only as hashes server-side. Password reset rotates every active session in one move — if you suspect anything, you can lock out every device on the account in seconds.
Factory reset wipes everything we ever produced for you — every run, every dossier, every uploaded file, every conversation, every embedding. One confirmation phrase, one click. The account row stays; everything else is gone in under fifteen minutes, including backups.
Architecture mapped to SOC 2 Type II controls; certification in progress. GDPR-ready data handling, including data-subject-access and right-to-be-forgotten flows. Per-region data residency available on Enterprise and Boardroom tiers.
Outbound email runs through audited transactional infrastructure. Public share links are token-protected, expire by default (24 hours unless extended), view-count cappable, and revocable in one click. Recipients are recorded; surprise is impossible.
We keep this list small on purpose. Every subprocessor is contracted to zero-retention or short-retention windows. None of them are permitted to train on customer content.
Subprocessor list is binding. We give thirty days' notice before adding any new vendor that touches customer data.
We run a private vulnerability disclosure program. Email security@mijoro.com with reproduction steps. We acknowledge within one business day, triage within three, and credit reporters on resolved findings (unless you prefer anonymity).
Email security@mijoro.com for security questions, data processing agreements, vendor reviews, penetration test reports, or anything else you'd ask before handing a platform your most sensitive material. We answer within one business day.