Trust & Security

Last updated: 13 July 2026

1. About this page

This page is maintained by MIKUJY Sàrl to answer common security and privacy questions about mikujy.com and the MIKUJY platform. It describes the controls currently in place; it is not an independent certification.

For detailed documents (DPA, security questionnaires, subprocessors), please write to info@mikujy.com.

2. Hosting & infrastructure

  • Main hosting: Lovable / Cloudflare (global edge with EU replicas) for the public site.
  • Database and authentication: Supabase (Frankfurt, EU), with Row-Level Security enabled on all application tables.
  • Domain name and business email: Infomaniak (Switzerland).
  • HTTPS/TLS enforced on all public endpoints (HSTS enabled).

3. Data protection

  • In transit: TLS 1.2+ for all public and administrative connections.
  • At rest: storage-level encryption managed by our hosting providers (Supabase, Cloudflare R2).
  • Isolation: RLS policies scoped per organisation, strict separation of application roles.
  • Secrets: managed in the platform vault, never in source code.

4. Access control

  • Least-privilege principle for administrative access.
  • MFA required for internal accounts with production access.
  • Sensitive-access audit logs retained for 12 months.

5. Subprocessors

SubprocessorPurposeLocation
Lovable / CloudflareWebsite hosting, CDN, DDoS protectionEU / Global edge
SupabaseApplication database, auth, storageEU (Frankfurt)
ResendTransactional email deliveryEU / US
InfomaniakDomain and inbox emailSwitzerland
Google (GA4 / Ads)Analytics and advertising (consent-based)US

6. Incident response & responsible disclosure

In the event of a security incident affecting customer data, MIKUJY notifies impacted customers within 72 hours of becoming aware, in accordance with GDPR (art. 33).

Report a vulnerability: info@mikujy.com — see also security.txt. We acknowledge receipt within 3 business days and commit not to pursue researchers acting in good faith.

7. Certifications & shared responsibility

MIKUJY does not currently hold ISO 27001, SOC 2 or HDS certifications of its own. We rely on the certifications of our subprocessors (Cloudflare, Supabase, Google) documented on their respective Trust pages.

Shared responsibility: MIKUJY is responsible for the security of the platform and the data our customers store in it. The customer remains responsible for managing their accounts, access grants and the data they choose to import.