Security

1. Infrastructure Security

Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of protection:

• Cloud Hosting: We use industry-leading cloud providers with SOC 2 Type II certification
• Network Security: All traffic is routed through firewalls and DDoS protection
• Isolation: Customer environments are logically isolated to prevent cross-tenant access
• Redundancy: Multi-region deployment ensures high availability and disaster recovery
• Monitoring: 24/7 infrastructure monitoring and automated alerting

2. Data Encryption

We encrypt your data at every stage:

• In Transit: All data is encrypted using TLS 1.3 during transmission
• At Rest: Data stored in our databases is encrypted using AES-256 encryption
• Backups: All backups are encrypted and stored in geographically separate locations
• API Keys: Sensitive credentials are stored in encrypted vaults and never logged

3. Authentication & Access Control

We implement robust authentication and access control mechanisms:

• Secure Authentication: Support for email/password and Google OAuth 2.0
• Session Management: Secure, httpOnly cookies with automatic expiration
• Row-Level Security: Database-level policies ensure users can only access their own data
• Role-Based Access: Granular permissions based on user roles within organizations
• Rate Limiting: Protection against brute force and abuse attacks

4. Application Security

Our development practices prioritize security at every stage:

• Secure Development: All code undergoes security review before deployment
• Input Validation: Strict validation on all user inputs to prevent injection attacks
• Dependency Scanning: Automated scanning for known vulnerabilities in dependencies
• OWASP Compliance: We follow OWASP Top 10 guidelines to prevent common vulnerabilities
• Content Security Policy: Strict CSP headers to prevent XSS and data injection attacks

5. Data Privacy & Compliance

We are committed to data privacy and regulatory compliance:

• GDPR: Full compliance with European data protection regulations
• Data Minimization: We only collect data necessary to provide our services
• Right to Erasure: Users can request complete deletion of their data
• Data Portability: Export your data at any time in standard formats
• Privacy by Design: Security and privacy considerations are built into every feature

6. Incident Response

We maintain a comprehensive incident response plan:

• Detection: Automated monitoring and alerting for security anomalies
• Response: Dedicated incident response team with defined escalation procedures
• Communication: Prompt notification to affected users in case of a security incident
• Recovery: Rapid restoration of services with root cause analysis
• Post-Incident: Thorough review and implementation of preventive measures

7. Responsible Disclosure

We welcome security researchers to help us maintain the security of our platform. If you discover a potential security vulnerability, please report it responsibly:

• Email your findings to security@mintai.com
• Provide sufficient detail to reproduce the vulnerability
• Allow reasonable time for us to address the issue before public disclosure
• Do not access or modify data belonging to other users

We appreciate your efforts in keeping Clamint secure and will acknowledge your contribution.

8. Contact Us

For security-related inquiries or to report a vulnerability: