Security
Last updated: June 2026
Compliance
- GDPR: Aligned
- SOC 2 Type 2: Audit in progress
- CASA Tier 2: Certified
Mio is built for teams that take security seriously. Here’s a short summary of how we handle your data. For the full picture — DPA, SOC 2 report, security questionnaire — write to security@mio.xyz.
What we do
- Host customer data on Google Cloud in Paris, France (region europe-west9).
- Encrypt data in transit and at rest.
- Never use customer data to train AI models.
- Run a small team with documented access policies, SSO-backed authentication, and audit logs.
- Delete customer data within 30 days of account termination.
Sub-processors
- Google Cloud Platform — application and database hosting (region europe-west9, Paris).
- Anthropic — LLM inference (Claude models). United States.
- OpenAI — text embeddings for semantic search (text-embedding-3-small). United States.
- Slack — workspace data ingress, Web API egress, and OAuth. United States.
- Langfuse — LLM observability and tracing.
- Tavily — web search for the researcher subagent.
- Temporal Cloud — workflow orchestration (region europe-west3, Frankfurt).
- Pipedream — integration connector for third-party app tools.
A complete sub-processor list, including any added since this page was last updated, is available on request. Optional integrations that you connect to Mio (Google Workspace, GitHub, Notion, Linear, HubSpot, Calendly, Asana, Sentry, Supabase) are third-party services you authorise — they are data sources, not Mio sub-processors.
Vulnerability disclosure
Report security issues to security@mio.xyz. We acknowledge reports within 48 hours and won’t take legal action against good-faith research conducted under standard responsible-disclosure practice.
Get in touch
Security questions, DPAs, SOC 2 report requests, and procurement questionnaires: security@mio.xyz.
See also: Privacy policy · Terms of service.