Security + Governance

Secure by design.
That’s our commitment to you.

AICPA logo

Certified to safeguard your data

We've been certified by an independent audit firm for maintaining a SOC 2 Type 2 security standard. We also continuously maintain the security, availability, confidentiality and integrity of customer data.

Our Stringent Security Controls

We've implemented automated alerts and evidence collection to monitor over 100 security controls, giving us the ability to confidently prove our security and compliance posture at any time. Further, our commitment to compliance and a security-first mindset is ingrained in our entire organisation.
Laptop image showing the number of security controls

Endpoint Protection

We centrally manage all of our devices, enforcing policies related to security, patching, and encryption. Additionally, we filter out any malicious requests that could potentially harm our infrastructure.
man technologist

Simulate and defend against attacks

To ensure the strongest system defences, we undertake third-party penetration tests with a certified assessor for every major release.

Secure by Design

We follow the 'least privilege' practice meaning we only access what's necessary to satisfy a particular control. To ensure accountability and transparency, all activity is logged and periodically audited.

Cyber security training

To ensure our employees are equipped to recognise and respond to cyber security and phishing threats, we've partnered with a leading cyber security training company. This helps us maintain a vigilant and security-focused culture every day.

Application & Data Security

We employ industry-leading best practices and tools to secure our publicly exposed applications, such as using a top-rated web application firewall (WAF) with automatic updates to protect against the latest threats detected worldwide.
Screen with alert displayed

24/7 Security alerts

Middle actively monitors application and infrastructure security, availability and performance. Automated security testing is performed continuously and we engage qualified third party suppliers for penetration testing.

Middle shield illustration

Prevent malicious attacks

To protect against malicious attempts to shut down our system, Middle utilises Distributed Denial of Service (DDoS) protection and network-level attack mitigation. Our Web Application Firewall (WAF) and machine learning-based mechanisms detect and block network attacks to keep our systems secure.

Secured laptop image

Data encryption

Middle implements the secure Transport Layer Security (TLS 1.2) encryption protocol to protect all data across our instances and databases. We also use Hardware Security Module (HSM) based encryption, which provides tamper-resistant encryption for added security.


Our security and audit

AICPA logoGoogle logoAuth0 logo
Drata logoAssurance Lab logo

Infrastructure & Code Security

At Middle, we host customer data on Google Cloud, which maintains a comprehensive list of reports, certifications, and third-party assessments to ensure state-of-the-art data center security. Additionally, we employ industry-leading best practices and tools to secure our publicly exposed applications, protecting against the latest threats detected worldwide.
Terraform logo

Infrastructure as code (IAC)

By utilising Terraform, Middle is able to describe the state of our infrastructure as code. This approach enables peer-reviewed changes, template scanning for vulnerabilities, and fast recovery in the event of outages.

Lock image

Immutable environment

We uses Shielded GKE Nodes, Confidential VMs, read-only file systems and 'distroless' containers to enforce integrity, confidentiality and protection of customer data.

Deep Source logo

Third Party Library Scanning & Static Code Analysis

We use leading third-party security solutions to ensure we don’t have vulnerabilities in our code base. We also perform static code analysis verifications that must be passed before any new code can be merged.

Secure development illustration

Secure development practice

We peer review and test our code prior to release, including manual and automated checks for security issues, and only release software after qualifying it in development and test environments.

Got questions or concerns?

Please contact if you any questions or concerns. To report urgent issues, please follow our Responsible Disclosure Policy
Illustration of a hand protecting a working person