Security policy
How we keep your data safe and secure at all times
Authentication
Users can authenticate using their email and password, or through their Gmail accounts using Google sign-in. When you invite users to your organization, the invited user is prompted to set a password before their account is created.
Password strength
We require passwords to contain at least 1 capital letter, a number and a special character to protect against weak passwords. We never save passwords in plain text. All passwords are saved using an industry-standard hash protocol, which prevents a malicious actor from reverse-engineering a password from the saved hash. We are in the process of setting up two-factor authentication (2FA), so interested users can opt to enforce 2FA login for all their users.
Data Security
Encryption of sensitive data
All cloud access keys are encrypted at rest with AES-128. They are only decrypted at the time of use, and never saved in decrypted form. All data is stored on mounted EBS volumes in the Amazon AWS infrastructure, and we leverage all of the platform’s built-in security, privacy and redundancy features.
Data in transit
All data that passes through Mindkosh is encrypted. All connections from the browser to the Mindkosh platform are encrypted in transit using TLS SHA-256 with RSA Encryption. Mindkosh requires HTTPS for all services.
Risk Management
Monitoring
Logs for all services, including databases, web servers and AI/ML processing servers, are backed up every day and stored on Amazon S3 for a year. All logs are constantly monitored for suspicious activity using a combination of third-party vulnerability scanning and our own systems.
Vulnerability assessment
We regularly work with security professionals and white-hat hackers to scan our systems for vulnerabilities that might harm our infrastructure or our customers' data and privacy.
Snapshots
We snapshot all our systems every 8 hours, and maintain the last 6 snapshots, covering the last two days. In case of a security breach, we can restore a working system within minutes.
Backups
All our databases are backed up daily, and the last 7 backups are maintained. All EBS volumes are automatically replicated within the same region as part of the standard AWS policy. In addition, we also replicate EBS volumes across regions to protect against AWS services being down in the primary operating region.
Data Retention
We retain all data for your organization for up to 6 months after your subscription expires. If you decide to come back within that time, you will be able to re-use all of that data. You can also download all your data at any point during that 6-month period. If you would like us to delete all your data at any point, let us know at support@mindkosh.com and we will be happy to do it for you.
Compliance
All our systems are developed with CIS-Level 1 standards. We are also in the process of getting SOC 2 compliance certification.
Last updated