Your data is safe with us.
We take security seriously — not as a checkbox, but as a core part of how we build. Encryption in transit and at rest, regular audits, and compliance certifications that enterprise teams require.
SOC 2 Type II
Audited annually for security, availability, and confidentiality controls.
SOC 3
Public report confirming our SOC 2 controls.
HIPAA
Business associate compliant for healthcare customers.
GDPR
Full compliance with EU data protection regulations.
CPRA
Compliant service provider under California privacy law.
Google Audited
Verified by Google for OAuth and API security standards.
ISO 27001/27017/27018
Via AWS and MongoDB infrastructure partners.
PCI DSS Level 1
Payment card industry data security standard.
How we handle your data
Encryption: Data is encrypted in transit using TLS and at rest using AES-256.
Infrastructure: Hosted on AWS virtual private cloud with failover and backup instances.
Database: MongoDB with industry-standard security configurations.
Access: Calendar and contact data accessed via OAuth — not stored long-term.
Bug bounty: We maintain a vulnerability reporting program at security@mixmax.com.
Legal & compliance docs
Enterprise-grade security. Startup-speed setup.
Start free. SOC 2 certified. HIPAA compliant.