Learn about Middle's security protocols
We have the following security policies in place and can make them available upon request: Acceptable Use, Asset Management, Backup, Business Continuity Plan, Change Management, Code of Conduct, Cryptography, Data Classification, Data Deletion, Data Protection, Disaster Recovery Plan, Incident Response Plan, Information Security, Password, Physical Security, Responsible Disclosure, Risk Assessment, System Access Control, Vendor Management, and Vulnerability Management.
All employees undergo a complete background check and sign an Employee Invention Assignment and Confidentiality Agreement when they join the company. We also track that all employees do the following:
- Review and accept security policies
- Complete security training
- Data is encrypted at rest. It is also encrypted in transit with TLS/SSL.
- Every customer’s data is stored on its own database instance separate from other customers’ data.
- Passwords must be a minimum of eight characters and passwords on the Pwned password list cannot be used to create an account.
- Middle monitors sessions by IP address and time.
- Access can be granted at the account or sub-account level.
Middle is working towards SOC2 certification.