Security Overview

Our practices for protecting customer data.

Last updated · April 2026

Security Measures

Midpage maintains administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of Customer Data. The measures below reflect Midpage's minimum controls and are independently validated through an annual SOC 2 Type II audit.

01

Transparent Data Handling

  • The web app stores product data needed for features like chat history, saved work, account administration, and support — this may include user queries, uploaded materials, and generated outputs while an account remains active.
  • We delete web app data within 60 days of account deletion or a valid deletion request.
  • For plugins and integrations, we do not store submitted queries, uploads, or outputs, though these workflows may still share submitted queries with model providers.
  • Model providers may retain submitted queries for up to 60 days.

02

No AI Model Training

  • Midpage does not use customer data to train or fine-tune AI models.
  • Midpage’s agreements with AI model providers do not permit those vendors to train on Midpage customer data.

03

Robust Data Security

  • Customer Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher, in each case using industry-standard cryptographic algorithms.
  • All production systems are continuously monitored. This includes activity logging, file integrity monitoring, vulnerability scanning, and malware detection.
  • Midpage operates on secure cloud infrastructure with redundancy and disaster recovery measures in place.

04

Strict Access Controls

  • Access to systems containing Customer Data is governed by role-based access controls and limited to authorized personnel.
  • Multi-factor authentication is required for access to production systems and any environments containing Customer Data.
  • Access permissions are reviewed no less than twice a year and updated to reflect changes in roles or employment status.

05

Secure Data Deletion and Disposal

  • Upon customer request or in accordance with the applicable provisions of its DPA, Midpage uses secure deletion methods designed to prevent data recovery.
  • Storage media is subject to cryptographic erasure or overwrite prior to decommissioning or reuse.

06

Trusted Personnel Security

  • Personnel with access to Customer Data are subject to background checks, to the extent permitted by applicable law.
  • All employees complete security awareness training at onboarding and no less than annually thereafter.
  • All personnel authorized to process Customer Data are bound by written confidentiality obligations.

07

Proactive Incident Response

  • Midpage maintains a documented incident response plan covering identification, containment, and resolution of Security Incidents.
  • Internal escalation and communication procedures for incident reporting are defined and tested.
  • Every incident is followed by a post-incident review. The incident response plan itself is reviewed and updated no less than annually.

08

Rigorous Vendor and Subprocessor Security

  • Subprocessors are subject to a security assessment prior to engagement and are reassessed periodically thereafter.
  • Subprocessors are contractually required to maintain security measures no less protective than those described here.

On request, Midpage can provide SOC 2 documentation, questionnaire responses, and additional detail on service providers and data handling. For diligence inquiries, contact legal@midpage.ai.