Privacy Policy — Governance
Our commitment to code-native security and metadata-only telemetry.
Mima Governance is designed on a zero-retention foundation. We analyze codebase configurations and client import trees without ever storing or copying your proprietary source code or user prompt data.
The Governance Privacy Ledger
How we secure your repository data and telemetry at the architectural layer.
Mima connects via read-only GitHub OAuth. We scan repository packages and imports temporarily in memory to detect AI client calls. **We never store, write, or transmit your proprietary source code.**
Attestation logs pushed via CLI or SDK are strictly limited to metadata (system ID, mapped compliance control, timestamp, reviewer identity). **No raw prompt data, model weights, or user payloads are ever ingested.**
Any personal identity markers (such as reviewer emails or local developer IDs) are hashed cryptographically on the client machine before being pushed to the ledger.
All organization records, scan caches, and logs are logically partitioned by workspace ID at the database layer, ensuring no cross-tenant leaks.
"Security by design means we do not ask you to trust us with your code. We only trust what we can mathematically prove."
EU AI Act (Art. 9/13/14)
ISO 42001 (A.6)
SOC 2 Type II (Trust Principles)