# Security

This page provides an overview of the security practices put in place to run Missive. If you have any questions, please contact us at <security@missiveapp.com>.

Our security.txt can be found [here](https://missiveapp.com/.well-known/security.txt).

#### External audit

**SOC 2 Type II Compliance**

Missive has achieved SOC 2 Type II compliance, a widely recognized auditing standard for service providers that ensures the operational effectiveness of our security controls over time. This compliance demonstrates that we have implemented and maintained rigorous security policies and procedures, including regular penetration testing, vulnerability scanning, and other safeguards to protect customer data.

Our SOC 2 Type II audit was conducted by an independent third-party CPA based in California, USA, confirming that our controls are both well-designed and consistently effective.

Our SOC 2 report is available upon request. Please contact us at <security@missiveapp.com> to obtain a copy.


<figure><img src="https://cdn.prod.website-files.com/66c7823b4706f4a0a95d2d31/678fd07559f2e083f656c4f7_soc-2-30517ce526bb5d2eb00aad00e4d8ce09877d844e05adcfe3ce0f530a0df9ce88.png" alt="SOC 2 standard logo" width="188"><figcaption></figcaption></figure>


**Google OAuth API Verification**

To assess the quality of our security practices, we successfully went through the security audit required by Google as part of their OAuth API Verification.

This security assessment is mandatory for any service that connects to Gmail / Google Workspace (formerly known as G Suite) accounts and stores data on their servers or cloud storage. It is an extensive process put in place by Google to ensure providers such as Missive can guarantee a high level of security and privacy when processing and storing user-provided data. You can read more about this security assessment [on Google’s FAQ here](https://support.google.com/cloud/answer/9110914#security-assessment).

The letter of assessment provided by the Google-mandated external auditor can be obtained by emailing us at <security@missiveapp.com>.

#### Infrastructure

Missive is hosted on Amazon Web Services. Our providers offer strong security measures and are compliant with most certifications. Feel free to read more about the security practices of each:

* [Amazon Web Services](https://aws.amazon.com/security/)
* [Crunchy Bridge](https://www.crunchydata.com/security)

#### Data encryption

**Encryption in transit**

All connections between Missive apps and our servers are encrypted using the Transport Layer Security standard (TLS). This also applies to connections between our servers and third-party providers such as Gmail, Office 365, Twilio, Facebook, Asana, Pipedrive, Trello, and others.

Here are links to SSL quality reports for our main application domains:

* [api.missiveapp.com](https://www.ssllabs.com/ssltest/analyze.html?d=api.missiveapp.com)
* [mail.missiveapp.com](https://www.ssllabs.com/ssltest/analyze.html?d=mail.missiveapp.com)

**Encryption at rest**

All data stored in our database and cloud storage is encrypted at rest.

#### Responsible disclosure

We encourage security researchers to report vulnerabilities in accordance with our [vulnerability disclosure program](https://missiveapp.com/security/bounty).

#### GDPR

Missive is compliant with the General Data Protection Regulation (GDPR). See [our dedicated GDPR page](https://missiveapp.com/gdpr) for more information.

#### Payment information

All payments made through our services are processed by [Stripe](https://stripe.com/), which is certified as a PCI Level 1 Service Provider. We do not collect or store payment information in our infrastructure.

