Micrio | Trust Center

Security Measures

Comprehensive information about how Micrio protects your data and ensures service reliability.

Infrastructure Security

Cloudflare Hosting Infrastructure

Micrio's infrastructure is hosted on Cloudflare's enterprise-grade platform, benefiting from their robust security features, content delivery network (CDN), and distributed denial-of-service (DDoS) protection. Cloudflare provides world-class hosting facilities that are secure, highly available, and redundant.

Enterprise-grade Platform Benefits

By leveraging Cloudflare's infrastructure, Micrio gains access to:

  • Global network presence with edge locations worldwide
  • Advanced threat intelligence
  • Web Application Firewall (WAF) protection
  • Bot management and mitigation
  • Rate limiting to prevent abuse

DDoS Protection

Cloudflare's DDoS protection service automatically detects and mitigates attacks, ensuring that Micrio remains available even during large-scale attack attempts. This protection works at multiple layers (network, transport, and application) to provide comprehensive coverage against various attack vectors.

CDN Capabilities

Cloudflare's CDN improves both performance and security by:

  • Caching content closer to users for faster delivery
  • Reducing the load on origin servers
  • Providing an additional layer of security between users and the origin infrastructure
  • Optimizing content delivery based on device and connection type

Server Locations and Data Residency

Micrio's services are hosted in Cloudflare's Western Europe data centers (identifier "weur"). This ensures that data remains within a specific geographic region, helping to address data residency requirements and reduce latency for users in those areas.

Cloudflare Workers Architecture

Micrio utilizes Cloudflare Workers for all customer- and visitor-facing operations, which provides significant security advantages over traditional server architectures.

Serverless Architecture Security Benefits

The serverless architecture of Cloudflare Workers offers several security benefits:

  • No traditional operating systems to patch or maintain
  • Reduced attack surface compared to traditional server deployments
  • Automatic scaling without manual intervention
  • Isolation between execution environments
  • Rapid deployment of security updates

No VMs or Separate OSes Running

Unlike traditional hosting models, Micrio's use of Cloudflare Workers means there are no virtual machines or separate operating systems running. This eliminates many common security vulnerabilities associated with operating system management, such as unpatched systems or misconfigured services.

Data Protection

Data Encryption at Rest

Micrio implements encryption for all data stored within our systems to protect it from unauthorized access.

Database Encryption

Micrio uses Cloudflare D1 Storage for database services, which implements encryption at rest for all stored data. This ensures that even if physical access to storage media were somehow obtained, the data would remain protected.

Storage Encryption

For file storage, Micrio uses Cloudflare R2 Database, which also implements encryption at rest for all stored objects. This includes all images and associated metadata uploaded to the platform.

Data Encryption in Transit

All data transmitted to and from Micrio is encrypted to protect it from interception during transfer.

TLS 1.3 Enforcement

Micrio enforces the use of Transport Layer Security (TLS) version 1.3 for all communications over public networks. TLS 1.3 provides improved security and performance compared to earlier versions, with stronger encryption algorithms and simplified handshake processes.

HTTPS Implementation

All communications with Micrio utilize HTTPS, ensuring that data exchanged between users and our services is encrypted. We maintain up-to-date SSL certificates and follow industry best practices for secure configuration.

Data Backup Procedures

Micrio implements comprehensive backup procedures to ensure data can be recovered in the event of a system failure or data loss incident.

Backup Frequency and Retention

Regular backups are performed to capture changes to the system and user data. These backups are retained for a defined period to balance data protection needs with privacy considerations.

Geo-redundant Approach

Micrio employs a geo-redundant approach to backups, storing copies of data in physically separate locations. This ensures that even in the event of a regional outage or disaster, data can still be recovered from an alternate location.

Data Retention and Deletion Policies

Micrio has established clear policies for data retention and deletion:

  • User-uploaded images can be permanently deleted by users through the Micrio dashboard
  • No copies of deleted images remain on any of Micrio's servers
  • Account termination requests are processed within 30 days, with all associated records and images removed

Access Control and Authentication

Authentication Mechanisms

Micrio implements secure authentication mechanisms to verify the identity of users accessing the system.

Password Policies

Micrio enforces strong password policies to protect user accounts from unauthorized access. These policies include requirements for password complexity and regular password changes.

Multi-factor Authentication (MFA)

Micrio mandates the use of Multi-Factor Authentication (MFA) wherever possible to enhance account security. This adds an essential layer of protection beyond just passwords. Specifically:

  • All Micrio team accounts with access to the Cloudflare platform require MFA.
  • MFA is enforced for administrative access to other critical internal systems.

Secrets Management

Micrio employs secure storage of credentials and API keys using Cloudflare Secrets. This service provides write-only storage for sensitive credentials, meaning that once stored, these secrets cannot be retrieved from the Cloudflare interface and are only passed to running instances when needed.

All application secrets, including internal API keys and password hashing salts, are stored using this secure mechanism. The original copies of these keys are maintained in a dedicated 1Password Micrio-specific vault, which undergoes access auditing twice per year to ensure only authorized personnel have access.

Authorization and Permissions Model

Micrio implements a robust authorization model that controls what actions users can perform once authenticated. This model is based on the principle of least privilege, ensuring users have only the permissions necessary to perform their required functions.

Access Limitation to Production Systems

Access to Micrio's production systems is strictly limited to authorized personnel only. This access is provided through secure channels and is regularly reviewed to ensure it remains appropriate.

Role-based Access Control

Micrio implements role-based access control (RBAC) to manage permissions efficiently. Users are assigned to roles that define their access rights, making it easier to manage permissions at scale and reduce the risk of excessive privileges.

Source Code Security

Protecting our codebase is crucial for maintaining the integrity and security of the Micrio platform.

  • Secure Repository: The Micrio codebase is stored in a secured GitHub environment. Access requires Two-Factor Authentication (2FA) for all team members, ensuring that only authorized individuals can make changes.
  • Automated Vulnerability Scanning: We utilize GitHub Dependabot to automatically scan our code dependencies for known security vulnerabilities. This helps us proactively identify and address potential risks in the software libraries we use.Learn more about Dependabot.

Monitoring and Incident Response

Security Monitoring Approach

Micrio implements monitoring to detect suspicious activities and potential security incidents. This includes monitoring for unusual access patterns, authentication failures, and other indicators of potential compromise.

Log Management and Review

Micrio maintains comprehensive logging of security-relevant events across the platform. Security logs are collected, stored securely, and reviewed regularly to identify potential security issues:

  • Log Collection: Security-relevant events are logged across all components of the Micrio platform
  • Log Review Frequency: Security logs are reviewed at least weekly, with automated alerts for suspicious activities
  • Log Retention: Security logs are retained for a minimum of 90 days to support incident investigation
  • Automated Monitoring: Cloudflare's monitoring tools automatically detect and alert on suspicious activities
  • Review Process: Designated security personnel review logs according to established procedures to identify potential security incidents

Incident Response Procedures

Micrio has established incident response procedures to address security incidents effectively. These procedures define the steps to be taken when an incident is detected, including containment, eradication, recovery, and post-incident analysis.

Notification Process for Security Incidents

In the event of a security incident that affects customer data, Micrio will notify affected customers in accordance with contractual obligations and applicable regulations. Cloudflare will notify Micrio should there be any suspicious activities, and Micrio will review and follow up with investigations.