Legal policy

MigraTeck Security Policy

A public statement of MigraTeck security practices, account protections, operational controls, and disclosure expectations.

Last updated April 12, 2026v1.0Entity: MigraTeck

Overview

High-level security commitments across encryption, access control, monitoring, account protection, and incident handling.

1. Security program

  • Encryption in transit for public services and administrative endpoints.
  • Role-based access controls for internal systems and operational workflows.
  • Audit logging for identity, security, and privileged product actions.
  • Continuous dependency and configuration review as part of delivery workflows.

2. Account protections

  • Centralized authentication through MigraAuth.
  • Server-managed sessions with revocation support.
  • Email verification, password reset, MFA, and passkey capabilities handled centrally.

3. Shared responsibility

MigraTeck secures the shared platform, identity systems, and managed controls.

Customers remain responsible for their own account hygiene, authorized user management, and any workloads, content, integrations, or systems they operate through the services.

4. Security reporting

If you believe you have found a vulnerability, report it to security@migrateck.com. We may request supporting details to validate, triage, and resolve the issue.