Mya Logo

Trust Center

Your data stays yours

Mya connects to the tools your company runs on, so security is foundational. Here are our controls — and an honest view of where we are on compliance.

SOC 2 Type I

In progress

SOC 2 Type II

Planned

GDPR

Aligned

Encryption (TLS · AES-256)

In place

Data protection

  • Encryption at rest (AES-256)
  • Encryption in transit (TLS)
  • Per-tenant data isolation
  • You own your data — delete anytime

Authentication & access

  • OAuth 2.0 only — no passwords stored
  • Tokens encrypted; never exposed to your browser
  • Least-privilege scopes
  • Revoke or disconnect any tool, anytime

Privacy

  • Minimal scope — only what a feature needs
  • No selling or sharing of your data
  • Audit logs for transparency

Reliability

  • US-based, cloud-native infrastructure
  • 24/7 monitoring & anomaly detection
  • Fail-safe disconnect revokes all tokens

Audit & accountability

  • Every action and approval Mya takes is logged
  • Exportable audit trail of who did what, when
  • Access and configuration change history

Subprocessors

We use a small set of industry-standard providers. Our DPA covers data handling, retention and deletion, breach notification, and the complete, current sub-processor list.

Auth0 (Okta)Authentication
VercelApplication hosting
Amazon Web ServicesInfrastructure & model hosting
AnthropicAI model provider

Need our security packet?

We share our DPA, current compliance status, and security details with prospective customers on request.

Request security packet

See also our Privacy Policy and Terms of Service.