Security & compliance

A browser you can prove is safe

Q: Which compliance frameworks does Mira support?

Mira ships compliance presets aligned to SOC 2, HIPAA, GDPR and DPDP, with metadata-first audit and exportable evidence. It complements your existing security stack.

Q: What data leaves the device?

By default only policy-approved, redacted context for a specific AI call, after DLP checks. Prompt logging is off and a no-send gate can block providers entirely.

Q: Can admins export audit logs and cut access?

Yes. Admins export logs on demand, stream to SIEM, and use a kill switch to drop a user, role, device or tenant instantly with data wipe.

Mira is built for IT, security and compliance buyers. Protections are enforced in the core and verified by automated test gates — not just documented in a PDF.

Request the evidence pack Talk to security

Controls

Defense-in-depth, end to end

Trust boundaries

Remote pages never receive raw Electron APIs, local storage keys, policy signing keys or provider secrets. Renderer crosses to the core only through typed, sender-validated IPC.

DLP & redaction

Prompt and context are scanned before any provider call. Credentials, secrets, payment cards, PII/PHI, source code and hidden page text are handled per guardrail policy.

Prompt-injection defense

Untrusted page content is treated as hostile: injection indicators are detected and blocked before they can drive an AI or agent action.

Encrypted local storage

Browser-local records are AES-GCM encrypted, scoped to tenant/profile/workspace, TTL'd, and reject credential-like content. Keys are OS-wrapped via safeStorage.

Metadata-first audit

Decision, reasons, actor, route/context IDs, capability, domain and timestamps — streamable to SIEM / OpenTelemetry. Raw prompts, cookies, tokens and page content are not stored by default.

Kill switch & fail-closed

One central change drops a user, role, device or tenant: sessions end, the workspace locks, cached data wipes, and further access fails closed.

Trust boundaries

Five rules the core never breaks

The protected assets — tenant policy and central locks, SaaS session data, AI context, WebAgent definitions and run records, encrypted local records, audit metadata and provider secrets — are defended by hard boundaries.

Remote pages are untrustedNo raw APIs, keys or secrets ever reach a remote page.
Typed IPC onlyRenderer actions cross to the core only through typed preload methods and sender-validated handlers.
AI calls are gatedProvider calls happen only after policy, context-scope, budget, DLP and prompt-injection checks all pass.
Agents re-check at the boundaryWebAgent execution re-validates browser policy immediately before each automation driver call.
Config must be verifiedConfig bundles must be signature-verified before they become trusted runtime policy.

Privacy posture

Private by default

The defaults assume sensitive work. You opt in to more sharing, never the other way around.

Prompt logging off by defaultThe bundled enterprise route does not log prompts, and provider fallback is off by default.
Redact before sendSensitive context is redacted locally before any provider call; a no-send gate blocks execution when policy says data must not leave.
Visible-context inspectorUsers and admins can verify exactly what the model is allowed to receive before sensitive use.
Trusted time (NTP)Admin-configured NTP keeps TTLs, tokens and audit timestamps from being spoofed.

Compliance

Map to the frameworks that govern you

One-click presets and exportable, metadata-first evidence.

SOC 2HIPAAGDPRDPDPISO 27001-aligned controlsSIEM / OpenTelemetry streamingRBAC + ABACSSO · MFA · SCIM

FAQ

Security questions, answered

How is security verified, not just claimed?

Security is enforced in code and checked by automated test gates (npm run test:security): no raw credentials/tokens/cookies reach providers; denied navigation, unsafe protocols, popups, downloads and guarded IPC fail closed; the Browser Core fallback never escapes the shell; and release artifacts are scanned for prompt/page/secret leakage.

Which compliance frameworks does Mira support?

Mira ships one-click compliance presets aligned to SOC 2, HIPAA, GDPR and DPDP, with metadata-first audit and exportable evidence. Mira complements — not replaces — your endpoint security, IdP, CASB, DLP and SIEM.

What data leaves the device?

By default, only policy-approved, redacted context needed for a specific AI call — after DLP and prompt-injection checks. Prompt logging is off, audit is metadata-oriented, and a no-send gate can block provider execution entirely for high-sensitivity workflows.

Can admins export audit logs and cut access?

Yes. Admins export logs and debug bundles on demand, enable/disable audit centrally, stream to SIEM/OpenTelemetry, and use the kill switch to drop a user, role, device or tenant instantly with data wipe.

Pass security review early

Get the threat model, evidence pack and control matrix, and run a fixed-scope pilot with your security team in the room.

Book a demo Contact sales