Managing PrivacyOps without Compromising on Security

Your company's security and privacy are our top priority. Learn how we accomplish that below.

Vigilance

We constantly challenge our own security & safeguards with sophisticated penetration tests and a responsible disclosure rewards program.

SSDLC Framework

Our software lifecycle is security-focused. We consider security at every stage of the product development process.

Data Minimization

Our policy is to collect the bare minimum amount of data necessary to fulfill requests or prepare reports for an upcoming audit.

Complexities of Privacy Tech and Regulation in a Data-Saturated Reality

Required Access

It is an inherent requirement to grant access across your tech stack in order to discover and map personal data across it, as well as execute data subject access and erasure requests. We hold ourselves to the most stringent security standards with any type of access or connection.

Sensitive Data

Consumers have the right to download any personal information you have about them under data privacy regulations. To protect this data, we ensure it is not intercepted in transit and that it is only sent to the right person.

Compliance, Security & Regulatory Standards

Badges: OAuth 2, AICPA SOC 2, ISO 27001 certified, IAPP bronze member
MineOS operates with certifications for ISO/IEC 27001:2013 & SOC 2 Type 2

Security Tools We Use

Our Security Promise

Operational Security

  • Our Site Reliability Engineers (SRE) are tasked with the operational aspects of our business and ensure information security.
  • All machines that run our infrastructure are kept up to date and patched automatically. Software installations are strictly limited and controlled. Access to these machines is restricted only to relevant members of the teams.
  • Our organization’s Development, Test, and Operational systems are separated.
  • We enforce best practices such as encrypting storage media, using two-factor authentication (2FA), requiring strong passwords, and configuring systems to lock after a short period of time. Additionally, all communication is done through securely encrypted channels using modern, strong encryption.

Mine Employees

  • All staff machines must comply with our Confidentiality Policy which includes a requirement to “take all reasonable measures to protect security and prevent unauthorized access or disclosure of all confidential information”.
  • We provide periodic security training and tests for all employees.
  • Our office has 24-hour security and cameras, and requires a biometric lock for access.
  • We have a thorough employee termination/access removal process.

Application Security

  • All data is encrypted in transit and at rest with modern encryption, and outdated ciphers/protocols are disabled.
  • We also contract a reputable third party for annual security audits and penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
  • We keep full audit logs and have monitors and alerts for every suspicious activity.

Data Center Security

  • Mine was specifically built around compliance with the EU General Data Protection Regulation (GDPR) (http://www.eugdpr.org/).
  • Our data centers are all located inside the EU (Western Europe).
  • We host our infrastructure on Google Cloud Platform (https://cloud.google.com/security/).

3rd Party Data Source Integrations: Protocols

  • Our Site Reliability Engineers (SRE) are tasked with the operational aspects of our business and ensure information security.
  • All machines that run our infrastructure are kept up to date and patched automatically. Software installations are strictly limited and controlled. Access to these machines is restricted only to relevant members of the teams.
  • Our organization’s Development, Test, and Operational systems are separated.
  • We enforce best practices such as encrypting storage media, using two-factor authentication (2FA), requiring strong passwords, and configuring systems to lock after a short period of time. Additionally, all communication is done through securely encrypted channels using modern, strong encryption.

3rd Party Data Source Integrations: Permissions

When integrating with a 3rd party SaaS to automate request handling, Mine uses the minimal set of permissions required to operate. Such operations include:

  • Search for objects that belong to a user by email/id
  • Retrieve such objects
  • Delete/anonymize such objects

Responsible Disclosure Rewards Program

We understand the hard work that goes into security research. To show our appreciation for researchers who help us keep our users safe, we operate a reward program for responsibly disclosed vulnerabilities. Mine rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or accessing another user’s private data).

A minimum reward of $100 USD may be provided for the disclosure of qualifying reports. At our discretion, we may increase the reward amount based on the severity of the report. If you report a vulnerability that does not qualify under the above criteria, we may still provide a non-monetary reward in the form of Mine merchandise if your report causes us to take specific action to improve our security posture.

We ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately, with reasonable time to respond, and your research must avoid compromising other users and accounts or causing loss of funds that are not your own. We do not reward denial of service, spam, or social engineering vulnerabilities.

For submission guidelines see: OWASP Vulnerability Disclosure Cheat Sheet

Read the full scope, criteria, and restrictions in our help center.

G2 names MineOS a leader

5 stars, based on +166 verified reviews on G2

"Streamlining complex privacy compliance"
“Great team, tackling an important challenge in privacy, and taking a data-driven approach.”

"Integrated and user friendly platform complemented with excellent support"
"The level of support provided to ensure it's set up properly and you know how to use it to maximise its effectiveness."

"A great platform with so much promise in the pipeline"
"MineOS is a great way to ensure all of your DSR needs are centralized and controlled in the same location. It has made understanding our DSR process so much more than ever before."

"Great product and even better people!"
"I genuinely have nothing bad to say about Mine! They are truly a best-in-class solution."

"Privacy compliance simplified and streamlined"
"The setup process is quick and easy. Many other platforms are overly complicated. Especially when you do not have teams dedicated to this."

"Easy to use Privacy Platform"
"We had no visibility to review our entire data inventory at this level before. Now we can we where and what data types we have."

"DSR automation without the hassle"
"The UI is straightforward and plan flexibility. Ease of setup as well. It meets all the requirements."

"Great tool/sped up processes"
"Great tool. Helped automate and vastly sped up our process for DSR Handling."

"A great one stop shop to manage privacy!"
"Easy to use and very intuitive UI which simplifies managing all of your privacy tasks."

"Fantastic for handling DSRs and More"
"This not only saved me a lot of time, but it also ensured that there was no chance of errors. Overall, I was very pleased with how Mine PrivacyOps handled data deletion requests."

"Comprehensive privacy platform supported by a passionate team"
"As for the software, Mine strikes a great blend of approachability, reporting, process and trust that is critical for team adoption and ongoing business justification."

"Excellent product - better people"
"They check in all the time, give us tips and tricks, and help in every way possible. Every single person we have encountered is friendly and deeply believes in their product and PII rights."

"A fantastic privacy platform"
"The ability to use automations for third party services alongside manual tasks for more complex internal systems has allowed our team to feel confident in a well-defined data deletion process."

"Great Platform and customer service"
"The platform is intuitive and well-designed. It facilitates dealing with all privacy complaints. It's really easy to use."

"Data Privacy & Security Platform"
"Easy to use and Configure. Very User Friendly. Compliance with multiple Jurisdiction. Reports, as you need, based on your organization size, type, and business."

"Great software that consolidates multiple solutions"
"Its ability to make data mapping easier, manage DSR requests and handle data flows to locate data and its origin."

"Great tool for business"
"I love how easy it was to get started with Mine. Their UI is easy to follow and makes addressing customer data requests stress-free. As a one-person team monitoring these requests right now I couldn't be happier with the ease of use."

"Data privacy compliance in the best possible way"
"MineOS helped the team to verify our Privacy Compliance without the need to invest in lengthy processes and having the existing team integrate it in their day-to-day operations."

"Say Mine for Data Privacy"
"The user interface is simple and intuitive. It provides my consumers a simple, traceable way to communicate their privacy requests."

"Very Simple and User friendly"
"I like how simple and self explanatory the steps and processes are. It is very simple to use and easy to navigate."

"Set-up was quick and easy, support has been great"
"It's a great application that's very streamlined and intuitive to use."