We take our security practices very seriously and keeping your data safe and secure is a top priority. We utilize some of the most advanced technology for Internet security available today. Here's what that means in detail:
Mindful Team is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in. For additional details regarding AWS security, please refer to https://aws.amazon.com/security/. We don't publicize exactly what features, services and data center regions/zones are used at Mindful Team for security reasons. However, our team does take additional pro-active measures to maintain a secure infrastructure on AWS.
All user data is automatically backed up on Amazon servers with the capability to provide point-in-time recovery down to the second. Additionally, we create automatic backups on a daily basis.
When you access our site, your connection is secured via 256 bit Secure Socket Layer (SSL) technology. These communications cannot be viewed by a third party and they are the same level of encryption used by banks and financial institutions. Qualsys' SSL Labs scored Mindful Team's SSL implementation as "A" on their SSL Server test.
Attack Prevention & Mitigation
Mindful Team monitors its servers on a 24/7 basis using a combination of real-time network monitoring, network threat management, intrusion detection systems, and vulnerability assessments. Mindful Team perform regular penetration tests and code audits.
Account Management & Verification
Mindful Team safeguards your users with default email verification at account creation time and during password resets, as well as Slack Single Sign On. Enterprise customers also have the option of authentication via Single Sign On (SSO). This enables enterprise customers to manage the provisioning process internally.
Mindful Team is registered with the Information Commissioner’s Office under registration reference: ZA252957. The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
All purchases made on the Mindful Team website are processed using Stripe. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. Stripe forces HTTPS for all services and all card numbers are encrypted with AES-256. If you have any additional questions, please visit Stripe's security page to read more about their security.
Mindful Team has an incident response plan in place to handle those worst-case scenarios - intrusions and security breaches, DDoS attacks, or any other issue. Mindful Team has a team of specialists who are available on call to help prevent damage and protect our customers, in the event of an incident.
Mindful Team enforces a mandatory full-disk encryption policy for all employee devices (including laptops, tablets, and mobile phones). Mindful Team is also able to track any employee device (if lost or stolen) and remotely wipe its data, if necessary.