Request a demo

Security & compliance

Built for security review.

Families share their most sensitive information with Mirza, and so do the institutions we serve. SOC 2 Type II report, HIPAA documentation, and architecture overview are available under NDA.

Request the security packageView our Trust Center ↗

Trust & compliance

Enterprise-grade security. Government-grade compliance.

Families share their most sensitive information with Mirza, and so do the institutions we serve. We protect it to the standards health plans and government agencies require.

HIPAA compliantAICPA SOC 2End-to-end encrypted
AES-256 encryption at rest and TLS 1.3 in transit, with audited, least-privilege access controls
Independently audited, with annual third-party penetration testing, 24/7 monitoring, and 99.9% uptime
You own your data: delete your account anytime, with permanent removal in 30 days and instant permission revocation
No immigration data, by design: Mirza does not ask for, store, or transmit immigration status. There is nothing to expose, because we never collect it.