Security in Mindflow 

To ensure the best level of protection at all times for our customers, we provide several features within Mindflow to safeguard the security, confidentiality, integrity, and availability of customer data.

Infrastructure

Access to production environments: We restrict access to production systems to senior employees only that are designated upon manual review. 

Segregation between test and production environments: We enforce segregation between test and production environments and ensure that data used in test is separate from data used in production environment to protect customers’ data.

Single tenant: Mindflow is deployed in single tenant to ensure hermetic separation between every customer.

Data encryption: Data flowing through Mindflow is encrypted at rest and in transit using AES-256.

Data backup: Automatic backups are performed daily and retained for 35 days. In the event of a disaster, Mindflow is replicated across numerous data centers to allow rapid recovery. Shall a prolonged Disaster occur, Mindflow has a predetermined Recovery plan on alternate sites to enforce Recovery Time Objectives.

Secure protocols: Mindflow enforces SSL/TLS protocols to keep connexions secure.

End user access: MFA can be enforced on end-users to access the platform.

Availability: Mindflow is built using AWS Lambda serverless computing to keep speed and agility as we scale up to meet any demand and maintain a high level of availability.

Physical and virtual security: AWS handles the physical and virtual security of Mindflow’s architecture as part of the shared responsibility model.

Web application firewall: Mindflow uses AWS WAF to block attacks targeting the web-facing app.

Code

Peer review: We enable peer review on code changes before pushing them into test environments.

Code changes: Code Changes are pushed to production environment only after a senior developer’s approval.

Continuous tests: Throughout the development life cycle, CI/CD tests are enforced to check the code for compiling errors.

Privileges

Identity management: A secure governance and management system using AWS Control Tower and Organizations provides identity management, cross-account security audits, and federated access to accounts enforced by high-level rules.

User access: Using AWS Cognito, we provide a  fine-grained user identity system.

Security at Mindflow

There is no security if we don’t place emphasis on humans. At Mindflow, we put security within our company at the same priority as in our product. We’ve listed below a non-exhaustive list of measures we’ve implemented enterprise-wide.

Security awareness training: Every Mindflow employee undergoes security awareness training as a mandatory onboarding step. Once a year, every employee must undergo training again.

Background checks: Every employee must complete a background check upon arrival at Mindflow.

Passwords and MFA: Mindflow enforces the use of a SOC2 Type 2 certified Password Manager among its employees. Access to critical systems is protected by MFA authentication.

Business continuity: In the event of a disruption of business processes, senior management is trained to minimize downtime and enforce continuity of the business processes.

Devices: All employees are issued laptops by the company dedicated to professional work upon arrival. The laptops are encrypted to prevent the risk induced by thievery. Laptops are continuously monitored to protect,  or should the event arises, detect and mitigate incidents.

Third-party vendors risk assessment: Critical vendors’ security architecture are reviewed regarding SOC2 standards.

Compliance

Mindflow is aligning its security architecture with regard to the relevant international frameworks.  We are currently in the process of SOC 2 Type 2 and ISO/IEC 27001 certifications.