MiraFrame AI
MiraFrame

MiraFrame Security

Learn how MiraFrame approaches account protection, private routes, uploaded media, third-party providers, and responsible vulnerability reporting.

Jul 17, 2026 Jul 17, 2026

MiraFrame combines its own application controls with external infrastructure and AI model providers. Security therefore depends on both product-level safeguards and responsible user behavior.

Current security practices

Encrypted transport

Public and authenticated MiraFrame pages are served over HTTPS. This protects data in transit between the browser and the service, but it does not make unsafe passwords or unauthorized uploads secure.

Private account routes

Account settings, billing, credits, generation activity, administration, and API routes are excluded from public search indexing. Authentication and permission checks are applied to protected workflows where required.

Restricted browser capabilities

MiraFrame sends security-related response headers that restrict framing, MIME-type guessing, referrer information, and unnecessary access to camera, microphone, and location features.

Limited data sharing

Generation requests may be transmitted to the model provider selected by the workflow. Users should avoid uploading confidential information or third-party material unless they are authorized to process it under the applicable provider terms.

Protect your account

  • Use a unique password that is not reused on another service.
  • Protect access to the email account used for sign-in.
  • Never share verification codes, session details, or private API keys.
  • Review unexpected account, billing, or generation activity promptly.
  • Sign out on shared or public devices.

Responsible vulnerability reporting

Send suspected security issues to [email protected] with the subject Security report.

Include:

  • the affected URL or workflow;
  • clear reproduction steps;
  • the expected and observed behavior;
  • the potential impact;
  • screenshots or logs with secrets and personal data removed.

Do not exploit an issue beyond what is necessary to demonstrate it. Do not access other users' data, disrupt the service, run destructive tests, or publicly disclose an unresolved issue.

Scope and limitations

This page describes current practices and is not a certification, warranty, or guarantee that every security risk can be prevented. Security controls evolve as the product, providers, and infrastructure change. The Privacy Policy and Terms of Service remain the governing policy documents.