Core Security Measures
1. TLS 1.3 Encryption
All data transmission uses TLS 1.3 protocol encryption:- End-to-end encryption from user to server
- Prevents data interception or tampering
- Latest encryption standard for strongest protection
2. Minimal Data Storage
As a AI API platform, MixRoute :- Doesn’t store request content: No saving of API request inputs/outputs
- Can’t view user data: Technical team cannot access conversation content
- Privacy first: Maximum user privacy protection
3. Limited Logging
Basic Log Scope We only log essential information for billing and troubleshooting:- Timestamps: For log analysis and debugging
- Token counts: Input and output token counts
- Model name: For billing and statistics
- Response status: Success or error states
- ❌ User input text
- ❌ AI output responses
- ❌ Conversation content
- ❌ Images or file content
- ❌ Personal identity information
4. Short-term Log Retention
We implement a short-term log retention policy where all system logs are kept for only 7 days. This approach is designed to mitigate potential data breach risks and uphold privacy protection principles, while simultaneously optimizing cloud resource allocation and managing storage costs. Furthermore, this mechanism ensures that our operations strictly adhere to the compliance requirements of current data protection regulations.Access Control
1. Permission Management
Based on the Principle of Least Privilege (PoLP), we have established the following authorized access protocols:- Least privilege: Only authorized personnel can access logs
- Anonymization: Log data is anonymized
- Necessity review: Access only when necessary (e.g., troubleshooting)
- Audit trail: Complete audit logs for all access
2. Technical Team Management
MixRoute technical team receives ongoing training in data security and privacy. To minimize internal risks, we enforce dynamic access controls through regular permission rotations and audits. This ensures all resource access remains compliant with the “Principle of Least Privilege.”Security Framework
1. Regular Security Audits
MixRoute team performs routine, full-scale security evaluations :- Vulnerability scanning: Regular system security checks
- Code review: Review potential security risks in code
- Infrastructure checks: Server and network security evaluation
- Process optimization: Continuous security process improvement
Compliance
MixRoute is strictly GDPR-compliant, guaranteeing transparent and lawful data processing. By aligning with AI industry security benchmarks and maintaining proactive internal audit mechanisms, we ensure that our infrastructure and operations consistently meet the most stringent regulatory and compliance requirements.Security Best Practices
User Recommendations
API Key Management
- Use environment variables for sensitive info
- Don’t hardcode Keys in code
- Rotate API Keys regularly
Sensitive Data Handling
- Avoid sensitive personal info in requests
- Use anonymized data for testing
- Handle confidential content carefully
Network Security
- Use HTTPS for API access
- Use service in secure network environments
- Keep client software updated
MixRoute Platform Protections
- Multi-layer defense: Multiple security measures deployed
- Real-time monitoring: 24/7 security monitoring and threat detection
- Incident response: Complete security incident response mechanism
- Backup & recovery: Regular backups and disaster recovery drills
- Timely notification: Within 24 hours of discovery
- Detailed explanation: Event details and scope
- Remediation: Steps taken to address the issue
- Prevention: Future prevention measures
Support
For data security questions, please contact us:Contact Us
Email: sservice@mixroute.aiTopics:
- Data security policy
- Privacy protection measures
- Security best practices
- Security incident reporting