Your data is yours.
We protect it like it is.

Every database table has PostgreSQL Row-Level Security enabled. This means database queries are enforced at the storage layer — not just in application code.

Each user can only read and write rows that belong to their own organisation. Even if a bug existed in the API layer, the database itself would reject the query.

Policies are version-controlled in our migration files and reviewed on every pull request.

Team invite tokens are cryptographically random 32-byte values generated with Node's crypto.randomBytes. They expire after 7 days and are invalidated immediately on acceptance.

OAuth tokens for Gmail and Outlook integrations are encrypted at rest using AES-256-GCM before being stored in the database. The encryption key is stored separately in environment secrets, never in the database.

All secrets (Stripe keys, Resend API key, Supabase service role) are stored as Vercel environment variables — never committed to source code.

All customer data is stored in Supabase's EU region (Frankfurt, Germany). No data transits to US-based storage.

The AI inference layer (Anthropic Claude) processes prompts but is not used to train models. Your pipeline data is never stored by Anthropic beyond the request lifetime.

Email delivery via Resend uses EU-compliant infrastructure. Monitoring via Sentry and analytics via PostHog are both configured to use EU endpoints.

Michi is designed to be GDPR-compliant by default. You control your data: full export is available at any time from Settings, and account deletion removes all personal data within 30 days.

A Data Processing Agreement (DPA) is available on Pro and above. Contact us at privacy@michiplatform.com to request one.

We collect only the data required to operate the service. No selling of data, no ad tracking, no third-party analytics beyond what's disclosed in our privacy policy.

All application errors and performance issues are captured by Sentry (EU region). P0 incidents trigger immediate alerts to the engineering team.

Stripe webhook events are deduplicated using a unique event ID stored in the database, preventing double-processing of billing events.

Uptime is monitored continuously. Our target is 99.9% monthly uptime excluding scheduled maintenance windows.

Available on Team and Growth plans. Every data mutation — record creation, update, deletion, team member invite — is written to an immutable audit_log table.

Each entry records the user, timestamp, action type, entity type and ID, and a diff of what changed. Logs cannot be edited or deleted by users.

Audit logs are retained for 12 months and can be exported as CSV on request.

The application is deployed on Vercel's Edge Network with automatic HTTPS, DDoS protection, and global CDN.

The database is managed Postgres on Supabase with automated daily backups retained for 7 days (Pro) or 30 days (Team/Growth). Point-in-time recovery is available on request.

All code changes go through pull request review before deployment. The main branch is protected — no direct pushes.