
Security


Security Overview

Security is one of our biggest priorities here at Mixpanel. On this page we have provided information about the security of your data, our general security practices, and how you can reach a member of the security team if you have questions that haven’t been answered below.


The Mixpanel platform safeguards customer data using a variety of controls:

  • Mixpanel application data is secured in transit using TLS, and encrypted at rest in Mixpanel’s proprietary analytics database format.

  • The Mixpanel application logically separates user data, and access to your data is protected by strong authentication and authorization controls.

  • Mixpanel audits changes to the application throughout the development lifecycle: architecture reviews are performed as well as stringent automated and manual code review processes.

  • Mixpanel monitors application servers, infrastructure, and the Mixpanel network environment to detect potential abuse.

  • Mixpanel maintains a native and active SOC 2 Type II attestation and is ISO 27001 and ISO 27701 certified. The documents are available by writing to grc@mixpanel.com.

  • Additionally, our Cloud Service Provider Google regularly undergoes independent verification of security, privacy, and compliance controls against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP and many others. Additional details are available here.

European Union’s General Data Protection Regulation (GDPR)

Mixpanel is committed to complying with GDPR so that our customers’ and their end users’ rights and obligations are met under GDPR, which took effect on May 25, 2018. As explained in our GDPR article, we created many tools and implemented new processes to ensure we can assist our customers with their compliance with GDPR requirements. Our customers can programmatically delete end-user data, or submit deletion or export requests via the privacy portal in their account settings. We also help our customers support data subject rights by providing options for data retention periods. For more information on our tools and processes, see our GDPR page.

India’s Digital Personal Data Protection Act (DPDP) & Accompanying Regulations

Mixpanel is committed to complying with India’s DPDP so that our customers’ and their end users’ rights and obligations are met. Mixpanel supports tools and processes to ensure we can assist our customers with their compliance with DPDP requirements and obligations. Our customers can programmatically delete end-user data, or submit deletion or export requests via the privacy portal in their account settings. We also help our customers support data subject rights by providing options for data retention periods. For more information on our tools and processes, see our Privacy Overview page.

General Security Questions

If you have general security questions or concerns, please email us at grc@mixpanel.com.