Security by default.
We build secure systems from the start. Here's how we protect your data and infrastructure.
OVERVIEW
Our approach.
Security isn't an afterthought—it's built into every project from day one. We use modern infrastructure with strong defaults, follow industry best practices, and maintain clear documentation for every security decision.
We don't handle payment processing directly (that's your processor's domain), and we don't store PHI or HIPAA-covered data.
ARCHITECTURE
Security layers.
PRACTICES
How we protect your data.
Infrastructure Security
- Hosted on Vercel infrastructure, which maintains SOC 2 Type II certification
- TLS 1.2+ enforced on all endpoints; HTTPS required end-to-end
- DDoS protection via Vercel edge network
- No plaintext secrets in code repositories; secrets managed via environment variables
Data Handling
- All customer data encrypted at rest (AES-256 via Convex and Vercel managed encryption)
- All data in transit encrypted (TLS 1.2+)
- Customer credentials stored in encrypted vaults only
- Data retention policies documented per project and in our Privacy Policy
Development Practices
- Code review required for all production changes
- Dependency scanning for known vulnerabilities
- Environment separation (dev/staging/prod)
- Customer data processed on cloud infrastructure; local machine access restricted to development artifacts only
Access Control
- Two-factor authentication enabled on all administrative systems (GitHub, Vercel, Convex, Stripe, hosting providers)
- Multi-factor authentication enforced for consumer-facing applications before financial account linking or sensitive actions
- Role-based access control for client projects
- Access revoked upon project completion
- Audit logs for sensitive operations
COMPLIANCE
Standards we meet.
Our hosting provider maintains SOC 2 Type II certification. Miami Web AI inherits infrastructure controls but is not independently SOC 2 certified.
Data processing agreements available for EU data subjects on request.
California consumer rights honored per our Privacy Policy.
Miami Web AI is not a financial institution under GLBA. We act as a technology service provider. Financial data is handled via regulated third-party aggregation providers.
INCIDENT RESPONSE
If something goes wrong.
In the event of a security incident affecting your project, we commit to:
- Notify you of discovery
- Provide preliminary assessment
- Deliver full incident report
- Implement remediation measures
VULNERABILITY DISCLOSURE
Report a security issue responsibly.
We welcome responsible reports of security issues from the research community. Our policy provides safe harbor for good-faith researchers who follow the guidelines below.
IN SCOPE
miamiweb.ai, portal.miamiweb.ai, and our public-facing services.
OUT OF SCOPE
Third-party services we depend on (Vercel, Convex, Stripe, Cloudflare, etc.), social engineering attacks against our staff or contractors, physical security attacks, and denial-of-service or stress testing.
SAFE HARBOR
We will not pursue legal action against researchers who act in good faith, follow this policy, and give us a reasonable window (at least 90 days) to remediate before public disclosure.
RESPONSE SLA
- Acknowledgement within 24 hours
- Triage within 72 hours
- Remediation timeline communicated within 7 days
Report issues to security@miamiweb.ai.
RETENTION
How long we keep your data.
We retain data only as long as needed. Key tiers:
- Duration of customer relationship + 90 days
- 30 days after user disconnects the account or terminates the service
- 24 months rolling (matches provider default)
- 7 years (IRS requirement)
- 12 months
For the full retention table, see our Privacy Policy §7.
CONTACT
Report a vulnerability.
If you discover a security issue, please report it to security@miamiweb.ai. We take all reports seriously and will respond within 24 hours.
We maintain a record of material changes to this Security page. A dated changelog is available upon request to security@miamiweb.ai.
Questions about security?
Contact us to discuss your specific security requirements.