Security is one of our biggest priorities here at Mixpanel. On this page we have provided information about the security of your data, our general security practices, and how you can reach a member of the security team if you have questions that haven’t been answered below.
The Mixpanel platform safeguards customer data using a variety of controls:
- Mixpanel application data is secured in transit using TLS, and encrypted at rest in Mixpanel’s proprietary analytics database format.
- The Mixpanel application logically separates user data, and access to your data is protected by strong authentication and authorization controls.
- Mixpanel audits changes to the application throughout the development lifecycle: architecture reviews are performed, along with stringent automated and manual code reviews.
- Mixpanel monitors application servers, infrastructure, and the Mixpanel network environment to detect potential abuse.
- Mixpanel maintains a native and active SOC 2 Type II attestation and is Cloud Star Alliance (CSA) Star Level 1 certified. Both documents are available by writing to firstname.lastname@example.org.
Additionally, our Cloud Service Provider Google regularly undergoes independent verification of security, privacy, and compliance controls against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP and many others. Additional details are available here.
European Union’s General Data Protection Regulation (GDPR)
Mixpanel is committed to complying with GDPR so that our customers’ and their end users’ rights and obligations are met under GDPR, which took effect on May 25, 2018. As explained in our GDPR article, we created many tools and implemented new processes to ensure we can assist our customers with their compliance with GDPR requirements. Our customers can programmatically delete end-user data, or submit deletion or export requests via the privacy portal in their account settings. We also help our customers support data subject rights by providing options for data retention periods. For more information on our tools and processes, see our GDPR page.
Vulnerability Disclosure Area
We sincerely appreciate feedback from the security community and strive to quickly address security issues involving our products and services. If you need to report a security issue, please email email@example.com and include the phrase “Security Vulnerability” in the subject line. Your reports should include a detailed description of your discovery with clear, concise, reproducible steps, or a working proof-of-concept (POC).
General Security Questions
If you have general security questions or concerns, please email us at firstname.lastname@example.org.