Security is not a feature.
It's the foundation.
Solo studio doesn't mean solo security. We implement enterprise-grade protections, automated monitoring, and responsible disclosure. Every byte is encrypted, every access is logged, every vulnerability is patched.
Protections
How we secure your data.
Encryption
AES-256 at rest. TLS 1.3 in transit. No exceptions, no downgrade attacks.
Key Management
Hardware Security Modules (HSM) for key storage. Automatic rotation every 90 days.
Authentication
Argon2id for passwords. TOTP 2FA supported. WebAuthn/FIDO2 for console access.
Infrastructure
Zero-trust network. No internal IP whitelisting. Every request authenticated and authorized.
Monitoring
Real-time anomaly detection. Automated alerting for suspicious patterns. 24/7 incident response.
Bug Bounty
Responsible disclosure program. Rewards up to $5,000 for critical vulnerabilities.
Compliance
Certifications & Standards.
SOC 2 Type II
Expected: Q4 2026
ISO 27001
Expected: 2027
GDPR Compliance
Expected: Ongoing
KVKK Compliance
Expected: Ongoing
Transparency
Security activity.
Public log of security-related events, patches, and audits. No security through obscurity.
Rotated all API keys proactively. No impact on users.
Annual third-party pentest completed. Zero critical findings.
Patched CVE-2026-XXXX in dependency. Automated deployment within 4 hours.
Migrated to zero-trust network architecture. All internal traffic now mTLS.
Bug Bounty
Report a vulnerability.
Responsible Disclosure Program
We welcome security researchers to report vulnerabilities. We commit to:
- Acknowledge receipt within 72 hours
- Assess severity within 7 days
- Fix critical issues within 14 days
- Public disclosure coordinated with researcher
- Rewards up to $5,000 for critical findings
Scope: miransas.com, console.miransas.com, app.binboi.com, and associated APIs. Do not test on production user data.
Security team.
For security incidents, vulnerability reports, or compliance questions, contact our security team directly. PGP key available on request.
Response time: 4 hours for critical, 24 hours for all other reports.