Security

Enterprise-Grade Security

Your sprint data is sensitive. We protect it with the same rigor you'd expect from any enterprise platform.

Encryption at Rest & in Transit

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Connections between the application and the database are made over TLS with certificate pinning, so the application only trusts the database's expected certificate rather than any certificate a CA would sign.

Row-Level Security (RLS)

Every database query is subject to Supabase (Postgres) row-level security policies that restrict each row to the organization of the requesting user, so a request authenticated for one organization cannot read or modify another organization's data. Tenant isolation is enforced in the database itself, not only in application code.
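As an added illustration (not Michi's own schema or policies), this is what a tenant-isolating RLS setup looks like in Supabase's Postgres. The table and column names, the seed UUIDs and the policy names are assumptions; auth.uid() is Supabase's built-in helper that reads the user id from the request JWT, and the authenticated role with its default table grants comes with every Supabase project. The check at the end impersonates a user the same way Supabase's API layer does, so it can be run as-is against a local supabase start database.

```sql
-- Added example, not Michi's schema: a minimal multi-tenant layout protected
-- by Postgres RLS as used on Supabase. All names below are assumptions.

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

-- Who belongs to which organization. user_id holds the Supabase Auth user id
-- (auth.users.id); a foreign key to auth.users can be added in a real project.
create table memberships (
  org_id  uuid not null references organizations(id) on delete cascade,
  user_id uuid not null,
  primary key (org_id, user_id)
);

create table sprints (
  id     uuid primary key default gen_random_uuid(),
  org_id uuid not null references organizations(id) on delete cascade,
  name   text not null
);

-- Constructed seed data: two organizations, one user in each, three sprints.
-- Seeded before RLS is enabled so the table owner can write freely.
insert into organizations (id, name) values
  ('11111111-1111-1111-1111-111111111111', 'Org A'),
  ('22222222-2222-2222-2222-222222222222', 'Org B');
insert into memberships (org_id, user_id) values
  ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'),
  ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb');
insert into sprints (org_id, name) values
  ('11111111-1111-1111-1111-111111111111', 'A sprint 1'),
  ('11111111-1111-1111-1111-111111111111', 'A sprint 2'),
  ('22222222-2222-2222-2222-222222222222', 'B sprint 1');

-- Organizations the calling user belongs to. auth.uid() returns null for an
-- anonymous request, so the set is empty and no sprint row matches.
-- Runs with the caller's rights (security invoker), so the memberships policy
-- below also governs what it can see; no security definer needed here.
create or replace function user_org_ids() returns setof uuid
language sql stable set search_path = public as $$
  select org_id from memberships where user_id = auth.uid();
$$;

-- Enable RLS. "force" applies the policies to the table owner too, so an
-- owner-privileged code path cannot silently bypass them. The Supabase
-- service_role key bypasses RLS by design and must never reach a client.
alter table memberships enable row level security;
alter table memberships force row level security;
alter table sprints enable row level security;
alter table sprints force row level security;

-- With RLS on and no matching policy, the default is deny. Users may read
-- only their own membership rows.
create policy "memberships: read own" on memberships
  for select to authenticated
  using (user_id = auth.uid());

-- using() filters rows a statement may see; with check() rejects rows a write
-- would produce. Both are tied to the caller's organizations, so a user can
-- neither read another tenant's sprints nor move a sprint into one.
create policy "sprints: select own org" on sprints
  for select to authenticated
  using (org_id in (select user_org_ids()));
create policy "sprints: insert own org" on sprints
  for insert to authenticated
  with check (org_id in (select user_org_ids()));
create policy "sprints: update own org" on sprints
  for update to authenticated
  using (org_id in (select user_org_ids()))
  with check (org_id in (select user_org_ids()));

-- Check: impersonate Org A's user the way the API layer does (role plus JWT
-- claims as transaction-local settings) and confirm Org B's rows are neither
-- readable nor writable. Expected: count = 2, and the update reports UPDATE 0.
begin;
  set local role authenticated;
  set local request.jwt.claims =
    '{"sub":"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa","role":"authenticated"}';
  select count(*) from sprints;                              -- 2
  update sprints set name = 'tampered'
    where org_id = '22222222-2222-2222-2222-222222222222';   -- UPDATE 0
  -- An insert naming Org B's id would be rejected by with check():
  -- insert into sprints (org_id, name)
  --   values ('22222222-2222-2222-2222-222222222222', 'x');
rollback;
```

The point of the final block is that cross-tenant access fails closed at the database layer: the update silently matches zero rows and the insert raises a policy violation, regardless of what the application code asked for. An `anon` request, whose auth.uid() is null, matches nothing at all.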

Authentication & Access Control

User authentication is handled by Supabase Auth, which stores passwords as bcrypt hashes, issues and validates session JWTs, and supports optional OAuth providers. Enterprise plans support SAML SSO.

No Source Code Access

Michi never accesses your source code repositories. Our integrations with Jira and Linear only sync project management data (tasks, sprints, backlogs) - never code.

Infrastructure Security

The application is hosted on Vercel's edge network with automatic DDoS protection, a WAF, and geo-distributed infrastructure. The database is hosted on Supabase with automated backups every hour.

SOC 2 Compliance

We maintain SOC 2 Type II compliance covering security, availability, and confidentiality. Our infrastructure providers (Supabase, Vercel) are independently SOC 2 and SOC 3 certified.

Security Practices

Our operational security practices ensure your data stays protected at every layer.

  • All employee access to production systems requires multi-factor authentication
  • Critical security vulnerabilities are patched within 24 hours of disclosure
  • Regular penetration testing by independent third-party security firms
  • Employee security training conducted quarterly with phishing simulation exercises
  • Incident response plan with defined escalation procedures and 1-hour response SLA
  • Data processing agreements (DPAs) available for enterprise customers
  • Audit logs maintained for all administrative actions with 1-year retention
  • Principle of least privilege applied to all internal access controls

Certifications & Compliance

Our compliance program covers major security and privacy frameworks.

SOC 2 Type II

Certified

Security, availability, and confidentiality controls

GDPR

Compliant

EU General Data Protection Regulation compliance

CCPA

Compliant

California Consumer Privacy Act compliance

ISO 27001

In Progress

Information security management system certification

Responsible Disclosure

We welcome security researchers who find and report vulnerabilities responsibly. If you discover a security issue, please report it to security@jishulabs.com. We commit to acknowledging reports within 24 hours and providing updates within 72 hours.

For questions about our security practices, contact us at security@jishulabs.com or read our Privacy Policy.