Trust Center

Security, privacy and operational trust for Mimir ASM.

Mimir is designed to help organizations understand and monitor their external attack surface with clear security boundaries, operational transparency and AI-assisted analysis.

Data Handling

Mimir focuses on external attack surface intelligence and operational security metadata. Customer data is handled with least-privilege principles.

AI Security

AI analysis is used to explain risks, prioritize remediation and generate operational briefings. Sensitive customer secrets should never be entered into AI prompts.

Monitoring Scope

Mimir monitors externally visible assets, exposure changes, posture trends and remediation workflows.

Access Control

Authentication, workspace isolation and role-based access are core parts of the platform roadmap.

How Mimir Works

External visibility without unnecessary internal access.

1. External Analysis

Mimir analyzes externally visible attack surface signals such as domains, DNS posture, headers, exposure patterns and public-facing services.

2. AI Interpretation

Mimir AI translates technical findings into operational risk, attacker perspective, remediation guidance and executive summaries.

3. Continuous Monitoring

Monitoring cycles detect exposure drift, posture changes and remediation status over time so teams can act before risk accumulates.

Security Commitments

Built for security-sensitive teams.

External-first monitoring scope
Least-privilege product architecture
No requirement for internal network access
AI used for risk explanation, not secret processing
Workspace isolation as a core product principle
Security-first roadmap and operational logging

Data we do not require

No internal network access
No production credentials
No endpoint agent installation
No source code access
No privileged cloud access for free scans

Security controls

Supabase authentication
Workspace isolation
Security headers enabled
Audit logging for key actions
Stripe-hosted billing
External-first scanning model

Responsible disclosure

Report security issues to security@mimirasm.com
We review vulnerability reports in good faith
Do not access, modify or exfiltrate customer data
Only test systems you own or are authorized to assess

Data handling

Built to minimize sensitive access.

What Mimir stores

Account information, workspace configuration, submitted domains, scan results, findings, remediation status and operational events required to provide attack surface monitoring.

What Mimir avoids

Mimir does not require internal credentials, endpoint agents, production database access, source code access or internal network connectivity to run external exposure monitoring.

Need a security review?

Customers evaluating Mimir can review our privacy policy, terms and security posture before activating continuous monitoring.
