Enterprise-Grade Security You Can Trust
Your data is your most valuable asset. We treat it with the security and privacy it deserves.
SOC 2 Type II
ISO 27001
GDPR Compliant
Security Fundamentals
Encryption at Rest
All data stored in our systems is encrypted using AES-256, the military-grade encryption standard. Only you have the decryption keys.
Encryption in Transit
All data transmitted between your devices and our servers uses TLS 1.3 encryption. No unencrypted communications.
Zero-Knowledge Architecture
We cannot access your data even if we wanted to. Your encryption keys are managed exclusively by you.
Access Controls
Role-based access control (RBAC) ensures that only authorized team members can access specific data and features.
Infrastructure Security
Self-hosted deployments on your infrastructure. Managed deployments on isolated, hardened cloud infrastructure.
Regular Security Audits
Third-party security audits and penetration testing conducted quarterly. Full transparency and reporting.
Certifications & Compliance
We maintain the highest industry standards
SOC 2 Type II
Security, availability, and confidentiality controls verified annually
ISO 27001
International information security management standard
GDPR Compliant
Full compliance with EU data protection regulations
CCPA Compliant
California Consumer Privacy Act compliance
HIPAA Eligible
For healthcare and medical data use cases
SOC 3
Available upon request for enterprise customers
Compliance & Privacy Controls
Data Retention Policies
Configure automatic data deletion based on retention schedules. No data retained longer than necessary.
- Configurable retention periods
- Automatic deletion workflows
- Audit trail of deletions
Audit Logging
Complete audit trail of all actions. Who accessed what data, when, and what they did.
- Real-time event logging
- 60-day log retention (configurable)
- Export audit logs anytime
Data Residency
Choose where your data is stored. EU, US, APAC, or on-premises options available.
- Single-region or multi-region deployment
- Data sovereignty compliance
- No automatic backups to other regions
API Security
Secure API access with API keys, OAuth 2.0, and JWT tokens. Rate limiting and abuse protection.
- API key rotation
- Rate limiting per user
- Webhook signature verification
Our Security Commitment
Security FAQ
Can Mindsentry see my data?
No. We use end-to-end encryption with zero-knowledge architecture. Your data is encrypted with your own encryption keys, which we never have access to. We cannot decrypt your data even if legally compelled to do so.
Is my data shared with third parties?
Absolutely not. Your data is never shared with LLM providers, data brokers, or any third parties. We only share metadata necessary for service operation (e.g., account creation, billing).
Is the platform compliant with regulations?
Yes. Mindsentry is compliant with GDPR, CCPA, HIPAA, and other major regulations. We undergo regular SOC 2 audits and provide compliance documentation to enterprise customers.
What happens if there's a data breach?
We have comprehensive incident response procedures. In the unlikely event of a breach, we will notify affected users within 24 hours and provide transparent information about what data was accessed and steps being taken.
Can I delete my data?
Yes. You can delete individual documents, conversations, or your entire account anytime. Deleted data is permanently removed from all systems within 30 days.
Do you use my data to train AI models?
Absolutely not. Your data is never used to train any models, including our own. Your proprietary information remains completely private and separate from any model training.
Want More Details?
Check out our comprehensive security documentation and compliance reports.
Security You Can Trust
Start your free trial with enterprise-grade security built in.