Security Policy
Compliance & Security Certifications
Middleware successfully completed the AICPA SOC2(Service Organization Control) audit.
The audit was performed by Prescient Assurance & confirms that Middleware’s information security practices, procedures, policies and operational pipeline meet the SOC2 standards for security.
The continuous compliance under SOC2 principles across our organization is monitored by Vanta.
Our current & prospective customers can request access to the audit report by reaching out to our security & privacy email after accepting NDA terms.
Secure Operational Practices
Middleware’s standard operational practices make sure that Confidentiality or Non-Disclosure Agreements (NDAs) are signed by all employees and contractors, who have a need to access sensitive or internal information.
Middleware’s support team accesses application data only for maintenance, application health and upon customer’s request if needed to provide support.
Secure Software Development
We build security into our DNA:
Secure development lifecycle enforced at every phase
Mandatory design reviews for proactive threat mitigation
Continuous team training in the latest security best practices
OWASP Top 10 adherence for comprehensive web app protection
Security Testing Practices
Middleware safeguards & mitigates potential threats with rigorous security testing:
Regular penetration testing and vulnerability scans on production environments.
In-depth code analysis (static and dynamic) including open-source libraries.
Cloud Security
Middleware Cloud is hosted on Amazon’s AWS servers (data center in India).
Individual Data Storage: Each account's data is securely isolated, ensuring privacy and preventing any cross-contamination.
Secure Access: Every request is rigorously verified before any data access is granted – unauthorized attempts are blocked.
Robust Encryption: Your data is encrypted both when stored and during transmission, safeguarding it from prying eyes.
Reliable Backups: Daily backups of your data are encrypted and securely stored on the trusted Amazon Web Services platform, with a 7-day retention for disaster recovery.
Contact Us
If you have any questions about this Privacy Policy, please contact us by email: contact[at]middlewarehq[dot com].