Latest Update: January 29, 2024
Security and privacy are our cornerstones
That’s why we protect MindFi users with enterprise-grade privacy and encryption. Read on to find out what this means for you.
We guard MindFi users with best-in-class processes
Individual users of mental health apps already have major concerns about personal privacy and confidentiality. Companies have an even greater burden to stay compliant.
We recognize that you’re placing a lot of trust in us by using our services. That’s why we maintain the highest standards of data privacy and security. MindFi undergoes regular penetration testing and security reviews. The platform is designed to be GDPR compliant, and we encrypt data at-rest and in-transit.
Network and Application Security
Data Encryption
Data is encrypted in-transit using bank-grade TLS 1.2, the safest method available today. Data is encrypted at-rest using 256-bit encryption via native GCP capabilities.
Penetration Testing
MindFi undergoes black box penetration testing on infrastructure and application layer conducted by an independent, third-party agency, on an annual basis.
Data Encryption
MindFi provides access to customer data only to authorized personnel who require it for their job. The access to this data is logged and monitored regularly to ensure compliance.
Data Backup
MindFi backs up all data on its system using GCP and maintains backups for a period of 90 days to enable our team to restore information in the event of a hardware failure.
Incident Response
MindFi has an incident response plan in place that is reviewed regularly. Security breaches will be communicated within 48 hours. And vulnerabilities are fixed as soon as possible.
Business Continuity
MindFi has in place a business continuity so that our staff is ready to continue to serve customers even in the most unlikely of events. We have standby systems to achieve this.
Infrastructure Security
MindFi hosts its infrastructure on Google Cloud Platform (GCP) in the Singapore region. GCP data centers have a robust security infrastructure including extensive safeguards such as custom-designed electronic access cards, video surveillance, intrusion detection, and access log monitoring systems. GCP is SOC 1, SOC 2, and SOC 3 certified. More can be learned about GCP’s security here: https://cloud.google.com/security
Certifications & Compliance
GDPR
MindFi is GDPR compliant. We handle our client and users data responsibly and have the highest security implementations in place to protect their healthcare data.
Employees with EU residents can rest easy knowing that MindFi is handling their personal information in compliance with the latest EU laws.
ISO 27001:2013
MindFi is a ISO 27001:2013 certified organization!
ISO/IEC 27001 is an international standard that regulates information security. Global certification body TUV SUD found that our information security protocols meet ISO 27001 standards, which are best in class.