Security and data handling

Clear security principles for partner review.

MGG keeps public company information separate from credentials, webhooks, admin tooling, and internal commerce workflows.

Corporate details

Legal entity
MiGame Oy
Business ID
2254874-7
VAT number
FI22548747
Operating brand
MGG

Security summary

Integrations and commerce workflows are handled as business infrastructure.

The public site gives partners a security posture they can review in plain language.

Security illustration showing public information separated from private operational systems.

Public/private separation

Corporate pages provide business context while operational systems remain separate.

Credential protection

Operational systems use unique service accounts to minimise the risk of cross-service access.

Operational review

Commerce workflows and integrations are treated as reviewable business infrastructure.

Minimal data

MGG only collects and stores the data needed to provide services and respond to business enquiries.

Details

Expandable security principles for deeper review.

These summaries are public by design and describe how MGG approaches service accounts, data minimisation, integrations, and responsible reporting.

Credential separation

Operational systems use unique service accounts to minimise the risk of cross-service access.

API keys, webhook secrets, passwords, and operational credentials stay out of public pages. Public content never asks visitors to submit credentials.

Private admin surface

Internal workflows and administrative systems are separated from the public website.

The public site is for corporate context, partner review, and commercial contact. Administrative surfaces are not promoted through public navigation.

Controlled integrations

Commerce and marketplace integrations are treated as reviewable business infrastructure.

Webhook routes, API integrations, supplier connections, and marketplace processes are designed around traceability, limited disclosure, and access control.

Minimal public data

We only collect and store the data needed to provide our services.

Personal data is not shared with third parties without consent. Public pages provide corporate context and avoid sensitive operational details that are not needed for partner review.

Responsible disclosure

If you discover a security vulnerability, please report it responsibly.

MGG appreciates help in keeping the platform secure. Reports should avoid disruption, credential attacks, social engineering, and attempts to access data that does not belong to the reporter.

Responsible disclosure

A safe reporting route for public-site security concerns.

If you discover a security vulnerability, please report it responsibly. Reports should be non-disruptive and should avoid accessing private data or testing private operational systems.

Read disclosure policy

Cookie choices

MGG uses necessary browser storage for this banner and may use privacy-friendly analytics only if configured and accepted. Read more in the privacy policy.