Contact Mysa Support logo
Contact Mysa Support logo
All articles

Mysa Security PolicyUpdated 13 days ago

Security at Mysa

Here at Mysa, the data security, safety and privacy of our customers, partners and employees are at the forefront of how we think and the products we design. Trust is a core value at Mysa, and we nurture that trust diligently in our day-to-day processes. 

We understand how important security and privacy are to everyone in the technology space. Our top priority is to help our customers feel safe and secure about welcoming Mysa home.

 

How We Protect Your Device and Data

Our products are designed and manufactured with customer privacy as our first focus. For any concerns or questions regarding customer privacy and data ownership, please review our Privacy Policy.

Outgoing data from our products is  encrypted end-to-end in a security infrastructure that exceeds industry standards. Our dedicated Risk Assessment and Security Analysis team is involved in product development from initial ideation/concept all the way through the product's life cycle, including our applications, firmware and hardware, vendor relationships, supply chain, and business development.

 

Our Robust Security Program

Mysa’s security program exceeds industry standard best practices, as well as the guidance provided by the CSAGroup, NIST and the Center for Internet Security. We employ multiple cybersecurity control frameworks and develop our security capabilities to exceed their most rigorous requirements. 

Our Information Security Team, whose purpose is to protect all aspects of customer data, is composed of Information Security and Risk Management professionals with proven experience and expertise and is embedded across all company resources. The team reports directly to Officers of the company and works with all company employees to fulfill Mysa’s stringent security mandate.

 

Payment Security

When purchasing a product directly from Mysa’s ecommerce website, all payments are processed securely through a PCI/DSS- compliant third party. Customer payment information is neither stored nor kept by Mysa.

 

Submit a Security Concern

Questions or concerns about the security or privacy of our products? We’re here to help. 

Click here to contact our security team.

Or email us at: [email protected]


Vulnerability Report/Disclosure

How to Submit a Vulnerability

To submit a vulnerability report to Mysa’s Product Security Team, please utilize the following email: [email protected].

Preference, Prioritization, and Acceptance Criteria

We will use the criteria from the next sections to prioritize and triage submissions.What we would like to see from you:

  • Well-written reports in English will have a higher probability of resolution.
  • Reports that include proof-of-concept code equip us to better triage.
  • Reports that include only crash dumps or other automated tool output may receive lower priority.
  • Reports that include products not on the initial scope list may receive lower priority.
  • Please include how you found the bug, the impact, and any potential remediation.
  • Please include any plans or intentions for public disclosure.

What you can expect from Mysa:

  • A timely response to your email (within 2 business days)
  • After triage, we will send an expected timeline, and commit to being as transparent as possible about the remediation timeline as well as on issues or challenges that may extend it.
  • An open dialog to discuss issues.
  • Notification when the vulnerability analysis has completed each stage of our review.
  • Credit after the vulnerability has been validated and fixed.

If we are unable to resolve communication issues or other problems, Mysa may bring in a neutral third party to assist in determining how best to handle the vulnerability




Was this article helpful?
Yes
No