Trust & Safety

Security is not a feature.
It's the foundation.

Solo studio doesn't mean solo security. We implement enterprise-grade protections, automated monitoring, and responsible disclosure. Every byte is encrypted, every access is logged, every vulnerability is patched.

Last security audit: June 15, 2026|Uptime: 99.97%|MTTR: 4 hours

Protections

How we secure your data.

Active

Encryption

AES-256 at rest. TLS 1.3 in transit. No exceptions, no downgrade attacks.

Active

Key Management

Hardware Security Modules (HSM) for key storage. Automatic rotation every 90 days.

Active

Authentication

Argon2id for passwords. TOTP 2FA supported. WebAuthn/FIDO2 for console access.

Active

Infrastructure

Zero-trust network. No internal IP whitelisting. Every request authenticated and authorized.

Active

Monitoring

Real-time anomaly detection. Automated alerting for suspicious patterns. 24/7 incident response.

Active

Bug Bounty

Responsible disclosure program. Rewards up to $5,000 for critical vulnerabilities.

Compliance

Certifications & Standards.

In Progress

SOC 2 Type II

Expected: Q4 2026

Planned

ISO 27001

Expected: 2027

Active

GDPR Compliance

Expected: Ongoing

Active

KVKK Compliance

Expected: Ongoing

Transparency

Security activity.

Public log of security-related events, patches, and audits. No security through obscurity.

2026-07-01
Security Updatelow

Rotated all API keys proactively. No impact on users.

2026-06-15
Penetration Testinfo

Annual third-party pentest completed. Zero critical findings.

2026-05-20
Vulnerability Patchmedium

Patched CVE-2026-XXXX in dependency. Automated deployment within 4 hours.

2026-04-10
Infrastructureinfo

Migrated to zero-trust network architecture. All internal traffic now mTLS.

Bug Bounty

Report a vulnerability.

Responsible Disclosure Program

We welcome security researchers to report vulnerabilities. We commit to:

  • Acknowledge receipt within 72 hours
  • Assess severity within 7 days
  • Fix critical issues within 14 days
  • Public disclosure coordinated with researcher
  • Rewards up to $5,000 for critical findings

Scope: miransas.com, console.miransas.com, app.binboi.com, and associated APIs. Do not test on production user data.

Security team.

For security incidents, vulnerability reports, or compliance questions, contact our security team directly. PGP key available on request.

Response time: 4 hours for critical, 24 hours for all other reports.