Security Policy

We take our security practices very seriously and keeping your data safe and secure is a top priority. We utilize some of the most advanced technology for Internet security available today. Here's what that means in detail:

Data Center

Mindful Team is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in. For additional details regarding AWS security, please refer to https://aws.amazon.com/security/. We don't publicize exactly what features, services and data center regions/zones are used at Mindful Team for security reasons. However, our team does take additional proactive measures to maintain a secure infrastructure on AWS.

Backups

All user data is automatically backed up on Amazon servers with the capability to provide point-in-time recovery down to the second. Additionally, we create automatic backups on a daily basis.

Application Security

When you access our site, your connection is secured via 256-bit Secure Sockets Layer (SSL) technology. These communications cannot be viewed by a third party, and they use the same level of encryption as banks and financial institutions. Qualys' SSL Labs scored Mindful Team's SSL implementation as "A" on their SSL Server test.

Attack Prevention & Mitigation

Mindful Team monitors its servers on a 24/7 basis using a combination of real-time network monitoring, network threat management, intrusion detection systems, and vulnerability assessments. Mindful Team performs regular penetration tests and code audits.

Account Management & Verification

Mindful Team safeguards your users with default email verification at account creation time and during password resets, as well as Slack Single Sign On. Enterprise customers also have the option of authentication via Single Sign On (SSO). This enables enterprise customers to manage the provisioning process internally.

Data Privacy

Mindful Team is registered with the Information Commissioner’s Office (ICO) under registration reference ZA252957. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

We have a published privacy policy that clearly defines what data is collected and how it is used. We are committed to customer privacy and transparency. Please see our full privacy policy at /privacy for more details.

Secure Payments

All purchases made on the Mindful Team website are processed using Stripe. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. Stripe forces HTTPS for all services and all card numbers are encrypted with AES-256. If you have any additional questions, please visit Stripe's security page to read more about their security.

Incident Response

Mindful Team has an incident response plan in place to handle worst-case scenarios: intrusions and security breaches, DDoS attacks, or any other issue. Mindful Team has a team of specialists who are available on call to help prevent damage and protect our customers in the event of an incident.

Employee Devices

Mindful Team enforces a mandatory full-disk encryption policy for all employee devices (including laptops, tablets, and mobile phones). Mindful Team is also able to track any employee device (if lost or stolen) and remotely wipe its data, if necessary.