Security & Compliance

How does MiOpsAI encrypt my data?

MiOpsAI uses AES-256 encryption at rest for all stored data and TLS 1.3 for data in transit. Encryption keys are managed via a hardware-backed key management service, and tenant data is logically isolated so one customer's encrypted data is never accessible to another, even at the storage layer.

Encryption at rest

  • Database: AES-256 encryption applied at the storage volume level
  • File attachments: encrypted before write to object storage; decryption keys per-tenant
  • Backups: encrypted with separate key material from primary storage; immutable for the retention window
  • Audit logs: encrypted and append-only, with tamper detection
  • Search indexes: encrypted; semantic embeddings stored encrypted in the vector store

Encryption in transit

  1. TLS 1.3 with modern cipher suites for all client-server traffic
  2. HSTS enforced across miopsai.io and all customer subdomains
  3. Certificate pinning for the mobile app
  4. Internal service-to-service traffic encrypted with mutual TLS
  5. API traffic to AI providers (OpenAI, Anthropic) over enterprise endpoints with TLS and contractual no-train commitments

    6. Tenant isolation

    Beyond encryption, every customer's data lives in a logically isolated tenant. LizziAI's memory is scoped per tenant; your conversations, knowledge base, and client records are never used to inform any other customer's instance. Tenant boundaries are enforced at the application layer with row-level security in the database, not just by application logic.

    Key management

    Encryption keys are stored in a managed KMS, rotated on schedule, and never accessible to MiOpsAI engineers in plaintext. Even with full database access, an attacker cannot decrypt customer data without the key material, which lives in a separate, audited system.

    What about the AI side

    When LizziAI sends a request to an underlying model provider, it sends only the data needed for that specific task, never your full data set. We use enterprise API tiers with OpenAI and Anthropic, which contractually prohibit using your data to train their public models. Prompts and responses are encrypted in transit and not logged on the provider side beyond what their compliance frameworks require.

    Compliance posture

    SOC 2 Type II certification is in progress (target completion 2026-Q3). HIPAA-aligned configuration available for healthcare customers on Enterprise+ plans. Read the full privacy policy or talk to us if your security team needs to review specifics.

Last updated April 21, 2026

Related questions

Is MiOpsAI SOC 2 compliant?Does MiOpsAI use my data to train AI models?How does MiOpsAI handle data breaches and incidents?Does MiOpsAI comply with GDPR for European customers?Can I delete all my data from MiOpsAI permanently?Does MiOpsAI comply with CCPA for California residents?

Ready to see MiOpsAI in action?

Request access and we’ll walk you through how the platform solves your specific workflow.

Request Access →