OpenMirai

Security Policy

OpenMirai Security Policy - How we protect your data and maintain platform security

Your Security is Our Priority

At OpenMirai, we take security seriously. This Security Policy explains how we protect your data, maintain platform security, and what you can do to help keep your information safe.

Our Commitment: We invest heavily in security measures to protect your data and ensure our platform remains safe and reliable for all users.

Our Security Framework

Multi-Layer Security Approach:

  • Infrastructure Security: Secure cloud infrastructure and data centers
  • Application Security: Secure coding practices and regular security testing
  • Data Security: Encryption and access controls for all data
  • Network Security: Protected network connections and monitoring
  • Physical Security: Secure facilities and access controls

Security Standards We Follow:

  • Industry Best Practices: Following established security frameworks
  • Regulatory Compliance: Meeting GDPR, CCPA, and other requirements
  • Regular Audits: Third-party security assessments and certifications
  • Continuous Monitoring: 24/7 security monitoring and threat detection
  • Incident Response: Prepared plans for security incidents

Data Protection Measures

Encryption Standards:

  • Data at Rest: AES-256 encryption for stored data
  • Data in Transit: TLS 1.3 encryption for all communications
  • Database Encryption: Encrypted database storage and backups
  • File Encryption: Encrypted file storage and sharing
  • API Security: Secure API authentication and encryption

Access Controls:

  • Role-Based Access: Different permission levels for different users
  • Multi-Factor Authentication: Additional security for account access
  • Session Management: Secure session handling and timeouts
  • IP Restrictions: Optional IP address restrictions for accounts
  • Device Management: Control over which devices can access accounts

Data Isolation:

  • Tenant Separation: Complete data isolation between organizations
  • User Permissions: Granular control over data access
  • Audit Logging: Complete record of all data access and changes
  • Data Classification: Different security levels for different data types
  • Backup Security: Encrypted and secure backup systems

Infrastructure Security

Cloud Security:

  • Secure Cloud Providers: Using industry-leading cloud services
  • Network Segmentation: Isolated network environments
  • Load Balancing: Distributed and secure traffic handling
  • DDoS Protection: Protection against distributed denial of service attacks
  • Geographic Distribution: Data currently stored in secure locations in Asia, with European expansion planned for December 2024

Server Security:

  • Hardened Systems: Security-hardened server configurations
  • Regular Updates: Automated security patches and updates
  • Vulnerability Scanning: Regular security vulnerability assessments
  • Intrusion Detection: Monitoring for unauthorized access attempts
  • Firewall Protection: Multiple layers of firewall protection

Database Security:

  • Secure Connections: Encrypted database connections
  • Access Controls: Strict database access controls
  • Query Protection: Protection against SQL injection attacks
  • Backup Encryption: Encrypted database backups
  • Audit Logging: Complete database activity logging

Application Security

Secure Development:

  • Code Review: Security-focused code review processes
  • Static Analysis: Automated security code analysis
  • Dependency Scanning: Regular scanning of third-party dependencies
  • Security Testing: Regular penetration testing and security assessments
  • Vulnerability Management: Process for addressing security vulnerabilities

API Security:

  • Authentication: Secure API authentication methods
  • Rate Limiting: Protection against API abuse
  • Input Validation: Validation of all API inputs
  • Output Encoding: Secure output encoding to prevent injection attacks
  • API Monitoring: Continuous monitoring of API usage and security

Web Application Security:

  • HTTPS Enforcement: All communications use secure HTTPS
  • Content Security Policy: Protection against XSS attacks
  • CSRF Protection: Protection against cross-site request forgery
  • Input Sanitization: Cleaning and validating all user inputs
  • Secure Headers: Security-focused HTTP headers

Monitoring and Detection

Security Monitoring:

  • 24/7 Monitoring: Continuous security monitoring and alerting
  • Threat Detection: Automated threat detection and analysis
  • Behavioral Analysis: Monitoring for unusual user behavior
  • Performance Monitoring: Monitoring for security-related performance issues
  • Log Analysis: Analysis of security logs and events

Incident Detection:

  • Automated Alerts: Immediate alerts for security incidents
  • Threat Intelligence: Integration with threat intelligence feeds
  • Anomaly Detection: Detection of unusual patterns or activities
  • Real-time Analysis: Real-time analysis of security events
  • Escalation Procedures: Clear procedures for escalating security issues

Response Capabilities:

  • Quick Response: Rapid response to security incidents
  • Containment: Quick containment of security threats
  • Investigation: Thorough investigation of security incidents
  • Recovery: Fast recovery from security incidents
  • Communication: Clear communication about security issues

Incident Response

Incident Classification:

  • Low Risk: Minor security issues with minimal impact
  • Medium Risk: Security issues with moderate impact
  • High Risk: Serious security issues with significant impact
  • Critical Risk: Severe security issues requiring immediate response

Response Process:

  • Detection: Identify and confirm security incidents
  • Assessment: Evaluate the scope and impact of incidents
  • Containment: Limit the spread and impact of incidents
  • Investigation: Thorough investigation of incident causes
  • Recovery: Restore normal operations and security
  • Post-Incident: Learn from incidents and improve security

Communication Plan:

  • Internal Communication: Clear communication within our team
  • User Notification: Timely notification of affected users
  • Regulatory Reporting: Reporting to relevant authorities when required
  • Public Communication: Transparent communication about incidents
  • Stakeholder Updates: Regular updates to stakeholders

User Security Responsibilities

Account Security:

  • Strong Passwords: Use strong, unique passwords for your account
  • Two-Factor Authentication: Enable 2FA when available
  • Regular Password Changes: Change passwords regularly
  • Unique Passwords: Don't reuse passwords from other services
  • Password Manager: Consider using a password manager

Device Security:

  • Keep Updated: Keep your devices and software updated
  • Antivirus Software: Use reputable antivirus software
  • Secure Networks: Only use secure, trusted networks
  • Device Locking: Lock your devices when not in use
  • Secure Browsing: Use secure browsers and avoid suspicious sites

Data Protection:

  • Data Backup: Regularly back up important data
  • Secure Sharing: Only share data with authorized users
  • Data Classification: Understand the sensitivity of your data
  • Access Review: Regularly review who has access to your data
  • Secure Disposal: Securely dispose of sensitive data

Security Features for Users

Available Security Tools:

  • Two-Factor Authentication: Additional account security
  • Session Management: Control active sessions and devices
  • Login Notifications: Alerts for new login attempts
  • Account Activity: View your account activity and access logs
  • Security Settings: Customize your security preferences

Security Monitoring:

  • Login History: Track all login attempts and locations
  • Device Management: Manage devices that can access your account
  • Permission Review: Regular review of account permissions
  • Security Alerts: Get notified of security-related activities
  • Account Lockout: Automatic account protection for suspicious activity

Compliance and Certifications

Regulatory Compliance:

  • GDPR: Working toward European Union data protection compliance
  • CCPA: Working toward California privacy protection compliance
  • FERPA: Working toward educational privacy protection compliance
  • SOC 2: Planning to obtain security and availability controls certification
  • ISO 27001: Planning to obtain information security management certification

Industry Standards:

  • OWASP: Following OWASP security guidelines
  • NIST: Aligning with NIST cybersecurity framework
  • Cloud Security: Following cloud security best practices
  • Data Privacy: Implementing privacy by design principles
  • Security Training: Regular security training for our team

Security Updates and Improvements

Regular Updates:

  • Security Patches: Regular application of security patches
  • Feature Updates: Security-focused feature improvements
  • Infrastructure Updates: Regular infrastructure security improvements
  • Policy Updates: Regular updates to security policies and procedures
  • Training Updates: Regular security training updates for our team

Continuous Improvement:

  • Security Reviews: Regular security architecture reviews
  • Threat Assessment: Regular assessment of security threats
  • Vulnerability Management: Continuous vulnerability identification and remediation
  • Security Testing: Regular security testing and assessment
  • User Feedback: Incorporating user feedback into security improvements

Security Support and Reporting

Security Questions?

If you have questions about our security measures or need to report a security concern:

Email us at: heretohelp@openmirai.com

What to include in your email:

  • Your specific security question or concern
  • Any suspicious activity you've noticed
  • Your account information (if applicable)
  • Any relevant details about your situation

Security Incident Reporting:

For urgent security issues:

  • Immediate Response: We respond to urgent security issues immediately
  • 24/7 Support: Security team available for critical issues
  • Escalation: Clear escalation procedures for urgent matters
  • Follow-up: We follow up to ensure issues are resolved

Response Time:

  • General Questions: Within 24-48 hours
  • Security Concerns: Within 24 hours
  • Urgent Issues: Immediate response for critical security matters
  • Incident Updates: Regular updates during incident response

OpenMirai Security Policy
Beta Status: Active until November 1, 2025


Your security is our priority. We're committed to protecting your data and working toward industry security standards as we expand globally.