Middleware Cookie policy

Application Security

Middleware’s network, infrastructure, and architecture have multiple protection layers to ensure the highest levels of security and control, including:

1. Vulnerability Assessment and Penetration Testing

Vulnerability scans are performed at least quarterly on the environment to identify control gaps and vulnerabilities. Found vulnerabilities are resolved within a timeframe by our security team.

A third party performs annual penetration testing to identify and exploit vulnerabilities within the environment.

2. Incident Response and Data Breach

Middleware has documented incident response and escalation procedures for reporting security incidents, adopted to guide users in identifying, reporting, and mitigating failures, incidents, concerns, and other complaints.

When security events are detected, they are escalated to the respective response team, with a response time of 2 hours. We notify the supervisory authority of Personal Data Breach within 72 hours of becoming aware of the breach.

3. Data Encryption in Transit and at Rest

All data sent to or from Middleware is encrypted in transit using AES256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests.

Middleware uses end-to-end encryption for Data in-transit which ensures that only communicating users can read what is sent, and nobody in between, even Middleware.

Middleware uses end-to-end encryption for data in transit, ensuring that only communicating users can read what is sent, and nobody in between, even Middleware.

Middleware uses a Security Hash Algorithm (SHA2) for all password entries. Middleware stores customers’ sensitive data, such as name, email, phone numbers, remarks, and chat transcripts, in a MySQL Database.

Data is encrypted automatically, in real-time, prior to writing to storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups, or disks.

4. Backup and Disaster Recovery

Middleware ensures that customers can balance the need to store backups at multiple locations in case of a disaster with the need to keep their data out of certain geographies. AWS provides clear data maps and geographic boundary information for all data centers. The disaster recovery plan is tested annually.

5. Data Collection & Disposal

As an Application Service Provider, Middleware collects personal information, such as name and contact details, chat, messaging transcripts, and information related to browsing on behalf of the brand and use of our app.

Customer data will be deleted from Middleware systems upon termination of account or data retention expiration deadlines. Middleware hard deletes all information from currently running production systems. Backups are destroyed within 15 days. Middleware follows industry standards and advanced techniques for data destruction.

6. Bug Bounty Program

Our number one priority is customer security. We’re working with security researchers worldwide to make our customers more secure. Middleware is pleased to recognize security researchers who have helped make Middleware safer by finding and reporting security vulnerabilities.

The Middleware Bug Bounty Program encourages researchers to report vulnerabilities they’ve discovered to our security and development team. We reward researchers for submitting their findings. If you’re a security researcher and have found a vulnerability in our service, please report it to [email protected]

A multi-layered approach is implemented by Middleware to support its People, Process, and Technological security requirements. If you want more advice and help, get in touch with our Compliance team at [email protected]