Hire Mika
Enterprise Security

Security & Privacy

Mika is built on enterprise-grade infrastructure with encryption at every layer, strict data isolation between tenants, and automatic PII purging. Every plan includes the same security protections.

Infrastructure Security

Enterprise-grade providers. Every layer encrypted. No self-managed servers.

Encryption at rest and in transit

All data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Database connections enforce SSL with channel binding. Every API endpoint, dashboard page, and widget connection runs over HTTPS.

SOC 2 compliant infrastructure

Mika runs on SOC 2 compliant infrastructure providers with their own security programs, incident response teams, and uptime SLAs. Payment processing is handled entirely by Stripe (PCI DSS Level 1). Card numbers never touch our systems.

PII handling and data minimization

Personally identifiable information is encrypted at the application level before storage. PII is automatically purged after 90 days. Server logs never contain chat content, API keys, authentication tokens, or personally identifiable information.

Monitoring and incident response

Automated health checks run continuously, testing core services with real requests. Failures trigger immediate alerts to our engineering team. Real-time error tracking captures and surfaces issues across every service.

Compliance

HTTPS everywhere

TLS 1.2+ enforced on all endpoints

SOC 2 infrastructure

All hosting providers

GDPR-ready

Data export and deletion on every plan

PCI DSS Level 1

Via Stripe, no card data on our servers

AES-256 encryption

Data encrypted at rest and at the application level

Cyber liability insurance

E&O coverage maintained

Data Privacy and Isolation

Encryption at rest and in transit

All data is encrypted using AES-256 at rest and TLS 1.2+ in transit. Database connections enforce SSL with channel binding. There is no unencrypted path to your data.

Data isolation per customer

Every database query is scoped to your business. Conversations, leads, and configuration are completely isolated between tenants.

No data used for AI training

Your visitor conversations are never sent to any third-party training pipeline. Your business data stays under your control.

Automatic PII purging

Personally identifiable information is automatically purged after 90 days. Only non-identifying analytical data is retained. Full data export and deletion are available at any time.

AI Safety Controls

Multiple layers of protection ensure Mika operates within the boundaries you define.

Configurable business rules

Define guardrails from your dashboard. Mika enforces them on every message, every conversation, without exception.

Role separation

Visitor input and system instructions exist in isolated layers. Visitor messages cannot access or override business rules.

Content filtering

Every incoming message is scanned and validated before processing. Blocked content never reaches the AI model.

Information boundaries

Mika only has access to the business information provided during onboarding. She cannot fabricate information beyond what she was given.

No autonomous actions

Mika captures leads and books appointments. She cannot process payments, modify orders, or make financial commitments.

Input validation

All inputs are validated, sanitized, and length-limited at the API boundary before any processing occurs.

Operational Boundaries

These are hard limits enforced at the platform level. Mika cannot:

Process payments or handle credit card information

Generate discount codes or promotional offers

Modify orders, invoices, or account balances

Share your business data with other tenants

Provide legal, medical, or financial advice

Store credit card numbers or sensitive payment details

Make binding commitments or contractual promises on your behalf

Access external systems or databases without your authorization

Account Security

Two-factor authentication

Two-factor authentication is available for all accounts and mandatory for accounts with vehicle inventory access. Every login requires a verification code.

API key rotation

Regenerate your public API key from the dashboard at any time. The old key is invalidated immediately. Rotation takes effect across all active installations within minutes.

Audit logging

Every configuration change is recorded in an audit log: setting updates, key rotations, domain changes, and team member changes. View events directly from your dashboard.

Data export and deletion

Download a complete export of all your data at any time. One-click account deletion permanently removes everything. No hidden retention policies.

Security FAQ

Is my data encrypted?

Yes. All data is encrypted at rest using AES-256 and in transit via TLS 1.2+ with enforced SSL. Database connections use channel binding for additional authentication protection. Every API endpoint, dashboard page, and widget connection runs over HTTPS.

Where is my data hosted?

Mika runs on enterprise-grade infrastructure from SOC 2 compliant providers. Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. Credit card numbers never touch our systems. All infrastructure providers maintain their own security programs, incident response teams, and uptime guarantees.

Is my data shared with other businesses on the platform?

Never. Every database query is scoped to your unique customer identifier. Your conversations, leads, business information, and configuration are completely isolated. There is no shared data layer between tenants.

Does Mika store conversations for AI training?

No. Your visitor conversations are not used to train AI models. Conversation data is never sent to any third-party training pipeline. Your business data stays under your control.

How long is PII retained?

Personally identifiable information (names, emails, phone numbers, chat message content) is automatically purged after 90 days. Non-identifying analytical data is retained for business intelligence. You can also request immediate deletion of all data at any time from your dashboard.

Can I delete all my data?

Yes. Your dashboard includes a one-click account deletion option that permanently removes all your business data, conversations, leads, and configuration. You can also export a full copy of your data before deletion. This is available on every plan.

Does Mika support two-factor authentication?

Yes. Mika supports two-factor authentication for dashboard accounts. For accounts with vehicle inventory access, two-factor authentication is mandatory and cannot be disabled.

Is Mika GDPR compliant?

Mika provides the tools needed for GDPR compliance: full data export, one-click account deletion, data isolation between tenants, automatic PII purging, and no use of conversation data for AI training. You control what data Mika collects and can delete everything at any time.

Do you have cyber liability insurance?

Dcipher LLC maintains cyber liability and errors and omissions (E&O) insurance coverage. For details or to request a certificate of insurance, contact us at hello@hiremika.com.

Do you have a security contact?

For security inquiries, vendor compliance questionnaires, or to report a vulnerability, contact us at hello@hiremika.com.

Security Inquiries

For vendor compliance questionnaires, certificate of insurance requests, or security-related questions, contact us at hello@hiremika.com.
