Security & Trust

Security isn't a feature.
It is our foundation.

Our security posture is built on the principles of zero trust, absolute confidentiality, and the institutional-grade discipline.

Our Guiding Principles

Zero Data Retention by Default.

Our commitment is simple: We delete all your sensitive project data immediately upon completion of our engagement. We do not keep copies. This is our legally binding promise.

Your Data Never Trains Our AI.

We have a strict, non-negotiable policy: your documents, your data, and your results are never, under any circumstances, used to train our AI models or any third-party models.

You Are Always in Control.

You choose exactly what data to share with us for each analysis. You are the sole owner of your data, always. Our role is to be a temporary, trusted custodian, not an owner.

A Fortress in the Cloud

Our platform is built on world-class Google Cloud infrastructure, designed with multiple layers of defense to protect your data at every stage.

Data Encryption

At Rest

All data stored in our environment is encrypted at rest using industry-standard AES-256.

In Transit

All data transmitted between you and Midpilot, and within our internal network, is encrypted using TLS 1.2 or higher.

Infrastructure & Compliance

Logical Isolation

Each client's data and analysis runs in a completely separate, logically isolated cloud environment. There is no possibility of data cross-contamination.

European Data Residency

For all our European clients, we guarantee that all data is processed and stored exclusively on data centers within the European Union, in compliance with GDPR.

Foundationally Secure

We build on top of Google Cloud's certified infrastructure (ISO 27001, SOC 2, etc.), inheriting their world-class physical and environmental security controls.

Access Control

The “Human Air-Gap”

For our initial enterprise partners, access to sensitive client data is strictly limited to the founders, Philip Hodne and Thomas Irgens. This provides an unparalleled level of personal accountability.

Principle of Least Privilege

As we grow, all team members will be granted access only to the specific data and systems required to perform their roles.

Multi-Factor Authentication

All access to our internal systems and infrastructure requires multi-factor authentication.

Security Through Simplicity

Our service model is inherently more secure than a traditional SaaS product.

No Software to Integrate

Because you are not integrating our software into your IT systems, you are not creating any new potential attack vectors or vulnerabilities in your own network.

No User Management Burden

You don't need to worry about provisioning new user accounts, managing passwords, or offboarding former employees.

A Clear, Auditable Process

Our simple, human-led process is easy to understand and audit. There are no “black boxes.” We provide a clear chain of custody for your data from start to finish.

Frequently Asked Questions

Have more questions? We'd be happy to answer them.

We welcome and encourage deep security reviews from our clients' technical teams. If you have further questions or would like to see our detailed security documentation, please get in touch.

Request a Security Briefing