Encryption by Default
All traffic is protected with TLS 1.3 in transit and data at rest is encrypted with AES-256 on Supabase-managed storage.
SOC 2 Type II Compliant
Enterprise Security Architecture
Bank-level encryption and privacy controls designed specifically for confidential executive communication data.
GDPR Security Controls
This page summarizes the technical controls used for executive communication data, including transport security, encryption, access policies, retention, and deletion workflows.
Data Access Control
Row-Level Security (RLS) enforces per-user and per-organization data boundaries. Access is limited to authorized personnel under least-privilege principles.
Voice and Video Processing
Voice and video workloads are processed on Azure. This data is not used to train foundation models and follows a 90-day retention policy for uploaded media.
Right to Erasure
Users can request full account deletion from profile settings using Eliminar mi cuenta, including associated analysis artifacts according to retention policies.
Compliance Scope
Mi.Coach operates with GDPR-aligned controls and Consent Mode v2 for analytics consent signaling and preferences management.
Incident Handling
Security incidents follow documented response procedures with containment, impact analysis, and notification workflows.
Report a Vulnerability
If you discover a potential vulnerability, contact our security team and include reproduction steps, impact scope, and evidence.
security@mi.coach