Security and privacy are our cornerstones

We guard MindFi users with best-in-class processes
Individual users of mental health apps already have major concerns about personal privacy and confidentiality. Companies have an even greater burden to stay compliant.
We recognize that you’re placing a lot of trust in us by using our services. That’s why we maintain the highest standards of data privacy and security. MindFi undergoes regular penetration testing and security reviews. The platform is designed to be GDPR compliant, and we encrypt data at rest and in transit.
Network and Application Security
- Data is encrypted in transit using bank-grade TLS 1.2, the safest method available today. Data is encrypted at rest using 256-bit encryption via native AWS capabilities.
- MindFi provides access to customer data only to authorized personnel who require it for their job. Access to this data is logged and monitored regularly to ensure compliance.
- MindFi has an incident response plan in place that is reviewed regularly. Security breaches will be communicated within 48 hours, and vulnerabilities are fixed as soon as possible.
- MindFi undergoes annual black box penetration testing of its infrastructure and application layers, conducted by an independent third-party agency.
- MindFi backs up all data on its system using AWS and maintains backups for a period of 90 days to enable our team to restore information in the event of a hardware failure.
- MindFi has a business continuity plan in place so that our staff is ready to continue to serve customers even in the most unlikely of events. We have standby systems to achieve this.

Infrastructure Security
More can be learned about AWS security here: https://aws.amazon.com/security/

GDPR

ISO 27001:2013
MindFi currently follows policies that are compliant with ISO 27001:2013 and is working with an independent accredited firm on our certification, which is expected in 2022.