Security and privacy are our cornerstones
We protect MindFi users with enterprise-grade privacy and encryption. Built to be GDPR compliant, ISO 27001:2013 certified, and continuously hardened with regular penetration testing.
Last updated: January 29, 2024
We guard MindFi users with best-in-class processes
Individual users of mental health apps already have major concerns about personal privacy and confidentiality. Companies have an even greater burden to stay compliant.
We recognize that you’re placing a lot of trust in us by using our services. That’s why we maintain the highest standards of data privacy and security — with regular penetration testing, security reviews, GDPR-compliant design, and end-to-end encryption.
Network & application security
Defense-in-depth from the network edge all the way down to every byte we store.
Data Encryption
Data is encrypted in transit using bank-grade TLS 1.2 and at rest using 256-bit encryption via native GCP capabilities.
Penetration Testing
Independent third-party agencies run black-box penetration testing on our infrastructure and application layers every year.
Data Access
Customer data is only accessible to authorized personnel who need it for their role. Every access is logged and monitored.
Data Backup
All data is backed up on GCP and retained for 90 days, so we can restore information in the event of a hardware failure.
Incident Response
Our incident response plan is reviewed regularly. Any security breach is communicated within 48 hours and patched promptly.
Business Continuity
Standby systems and a documented continuity plan keep us serving customers even in the most unlikely disruption scenarios.
Built on Google Cloud Platform, hosted in Singapore
GCP data centers are protected by custom-designed electronic access cards, 24/7 video surveillance, intrusion detection, and access log monitoring. The platform is backed by GCP’s SOC 1, SOC 2, and SOC 3 compliance.
SOC 1: Certified
SOC 2: Certified
SOC 3: Certified
GCP: Singapore region
Certifications & compliance
Independently verified standards that mean your team’s data is handled with the care it deserves.
Data protection
GDPR compliant
We handle client and user data responsibly with the highest security implementations in place to protect healthcare data. Employees with EU residents can rest easy knowing MindFi handles personal information in compliance with the latest EU laws.
Information security
ISO 27001:2013 certified
ISO/IEC 27001 is the international standard for information security. Global certification body TÜV SÜD verified that our information security protocols meet ISO 27001 standards — best in class.
