Technical and Organizational Measures (TOMs)
At Mimic Networks, Inc. ("Mimic"), we prioritize the security and confidentiality of our customers' data. Our comprehensive security measures are designed to protect against unauthorized access, data breaches, and other potential threats.
Physical Security
Our services are hosted in production data centers equipped with robust physical, operational, and environmental security controls. These facilities are engineered to withstand adverse weather and other foreseeable natural conditions. In the event of a power failure, on-site backup generators ensure continuous operation. Physical access is restricted to authorized personnel through multi-factor authentication measures, with approved third parties escorted by authorized staff. The premises are monitored by on-site security guards and protected by surveillance and intrusion detection systems.
Reliability and Backup
All customer data entered into Mimic's services are automatically replicated in near real-time at the database layer and are regularly backed up to secure, encrypted, and redundant storage.
Business Continuity and Disaster Recovery
Mimic maintains comprehensive business continuity and disaster recovery plans. We have reserved instances in different regions to serve as backups in case of primary region failures. Our hosting provider utilizes geographically diverse disaster recovery facilities, complete with necessary hardware, software, and internet connectivity, to ensure service continuity. These disaster recovery plans are tested at least annually to validate the ability to fail over a production instance from the primary to a secondary data center. Mimic also conducts regular tests of its own business continuity and disaster recovery plans.
Malware Protection
We employ software and other industry-standard measures to mitigate the risk of exposure to viruses, malware, and other known indicators of compromise.
Data Encryption
Customer data in transit is encrypted using TLS 1.2 or higher to ensure secure communications. Data at rest is encrypted with AES-256 encryption, following GCP’s default storage encryption standards. Encryption keys are managed through Google Cloud Key Management Service (KMS), which provides centralized control over the encryption keys. Each key remains consistent for the lifecycle of the respective resource, ensuring data stability and integrity. All backup files are stored in Google Cloud Storage, within encrypted buckets located in the U.S. region, adhering to GCP’s compliance with industry-leading security standards.
Retention and Deletion of Customer Data
Customer data is deleted in accordance with Mimic's agreements with customers.
Secure Development
Mimic has implemented policies and mechanisms to enable developers to identify security issues—including security bugs, third-party vulnerabilities, and misconfigurations—during the development process. Automated scans are performed on each change, providing information and guidance on remediation before deployment. Additionally, all changes undergo peer review to ensure alignment with defined secure software development practices.
Infrastructure as Code
Our infrastructure is built using infrastructure as code frameworks to automate the build and scale of production workloads. All code is scanned and reviewed for security and performance impacts prior to deployment.
Endpoint Security
User endpoints are managed in accordance with industry standards on security. Policies and technical mechanisms are in place to restrict access to customer data exclusively to Mimic-managed endpoints.
Continuous Assessment
Mimic employs continuous monitoring tools to assess the security of its systems and services in real time, identifying potential issues. Any identified issues are reviewed and remediated as appropriate, based on severity.
Operational and Security Audits
We complete annual audits against SOC 2 security requirements. Please contact Mimic's sales or customer support teams to request a copy of these audit reports. The SOC 2 Trust criteria cover the following areas:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Confidentiality: Information designated as "confidential" is protected according to applicable agreements.
Security Assessments
Mimic maintains a bug bounty program to facilitate security reviews of its application and infrastructure by top security researchers, aiming to identify security bugs or misconfigurations that could materially impact our security controls.