Keeping user data safe and secure is a huge responsibility and a top priority for us. We are working hard to protect our users from the latest threats. This guide offers you an insight into the steps and measures that are being undertaken in order to prevent, detect, and respond to information security, disaster protection, and recovery plans.
The role of our system security program is to protect our users’ information by reducing the risk of loss of confidentiality, integrity, and availability of that information to an acceptable level.
ISO/IEC 27001:2018
Mindomo is certified by TUV Austria, proving that an information security management system is in place, respecting the ISO 27001 standard's requirements. View the Certificate
ISO/IEC 27701:2019
Mindomo is a certified ISO 27701 service by TUV Austria and is fully EU-GDPR compliant. This standard requires additional privacy requirements regarding information management systems. View the Certificate
Data Location
Our primary data center is Hetzner Online GmbH located in Germany, European Union.
Backups
A daily backup of Mindomo databases is stored at Amazon AWS in Frankfurt, Germany. Also, any user can opt to use the Google Drive, Dropbox and FTP integrations to backup his/her data. So, he/she can connect their Mindomo account with their Google Drive, Dropbox and/or FTP account and perform a daily backup of all diagrams.
Reliability
Encryption in Transit
Over public networks, we only send data using strong encryption. We use SSL certificates issued by Sectigo RSA, RapidSSL CA. The connection uses 256 bit for encryption. You can check our currently supported ciphers here.
Encryption at Rest
We provide industry standard encryption for Customer Content as follows:
Payments and Credit Card Data storage
All payments made for Mindomo use www.stripe.com (PCI Certified). For additional information, please visit https://stripe.com/privacy. No credit card data or payment related information is stored on Mindomo servers. We also use www.paypal.com for paying with your PayPal account.
Customer Content Access and Management
We have the following formal procedures in place to limit access to Customer Content:
Network Security
Physical Security
Our state-of-the-art servers are hosted at Hetzner Online GmbH, an ISO 27001 certified secure data center located in the heart of Nuremberg and in Falkenstein/Vogtland, Germany. Hetzner Online's two data center parks provide an excellent and environmentally-friendly infrastructure for our product. Multi-redundant network connections to important Internet exchanges ensure fast website access. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides extra protection against unauthorized entry and security breaches.
The data center is protected by video-monitored high-security perimeter fencing around the entire data center park:
Power Supply
Climate Control
DDoS Protection
Code Security
Our development team closely reviews all code before it is released. Developers inspect the logic and data information flows of new features to ensure no security vulnerabilities are introduced. We use automatic code checking extensions to identify and help fix quality and security issues in our code. Several testing methods are employed and ran to ensure the application does not behave in an unexpected way.
Load balancer
In order to ensure high availability in case of an imminent disaster, Mindomo provides load balancer failover capability. If one of the configured load balancers fails, the IP address is transferred to a new backup load balancer. External system services are used to manage the transfer of the IP address from the failed load balancer to the new load balancer node.
Application layer
The load balancer distributes the load of users to different application servers. Application servers are checked by the load balancer and if one of them fails, the load balancer re-routes users to an application server which is available. This mechanism is automatic and doesn't require user intervention.
Database layer
We use three types of data storage, which ensures safe and timely access to user-generated content. We use an in-memory datastore for fast loading of user data, a MariaDB database https://mariadb.org/ and a Cassandra https://cassandra.apache.org/ cluster.
MariaDB is configured with a Master-Master architecture. If one of the master node fails, the database driver will automatically reroute the traffic to another master node.
By design, Cassandra is replicated and fault tolerant.
Website performance monitoring
For website performance monitoring we use Pingdom https://www.pingdom.com/ . Our public status page for uptimes and response times is available at https://secure-stats.pingdom.com/xja2xu2u4o0b/430732.
System monitoring
System monitoring is provided by Prometheus https://prometheus.io/ , a powerful monitoring tool that detects and alerts our system administrators before they affect end-users and customers.
By using Prometheus, we:
How the monitoring system works:
Mindomo performs employment verification, including proof of identity validation, check of education records and employment track, and criminal background checks for new hires in positions requiring access to systems and applications storing Customer Content in accordance with applicable Law;
Security Training
Periodic training occurs on security issues and how to prevent/mitigate them for continuous improvement.
Employee Termination
Upon employee termination, whether voluntary or involuntary, Mindomo immediately disables all access to the Mindomo infrastructure.
Over the past 10 years, we’ve seen many companies come and go. It looks like security is no longer only about technology but also about gaining the user’s trust. At Mindomo, we are always committed to meeting the requirements of our customers, and we are working hard every day to maintain their trust in our product and in our services. Longevity and stability are core to our mission at Mindomo.
Want to know more?
Please contact us at support@mindomo.com if you have any other security questions and we’ll get back to you as soon as possible.