Security FAQ | MineMe

General Security

How does MineMe protect my data? +

We implement multiple layers of security:

End-to-end encryption for data in transit using TLS 1.3
AES-256 encryption for data at rest
Multi-factor authentication (MFA) for all user accounts
Role-based access control (RBAC) to limit data access
Regular security audits and penetration testing

What data do you collect and store? +

We only collect data necessary for our services:

Account information: Name, email, company details
Integration data: CRM contacts, campaign metrics, performance data
Usage analytics: Feature usage, system performance metrics
Audit logs: Security and compliance tracking

We never store sensitive credentials like passwords for third-party services — we use secure OAuth tokens that can be revoked at any time.

How do you handle data breaches? +

Our incident response plan includes:

Immediate containment and investigation
User notification within 72 hours if personal data is affected
Forensic analysis to prevent future incidents
Transparent communication about remediation steps

AWS Infrastructure Security

Where is my data hosted? +

Our infrastructure is hosted on Amazon Web Services (AWS), with the following security features:

VPC isolation with private subnets
AWS WAF protection against common web exploits
CloudTrail logging for all infrastructure changes
Systems Manager for secure server access (no SSH keys)

How is database security handled? +

Our databases use:

Amazon RDS PostgreSQL with automated backups
Encryption at rest using AWS KMS customer-managed keys
VPC security groups restricting network access
Database activity monitoring and query logging
Automated security patches and updates
Point-in-time recovery up to 35 days

How do you manage AWS access and credentials? +

We follow AWS security best practices:

IAM roles with least-privilege access
No long-term access keys — all access uses temporary credentials
MFA required for all human access to AWS console
AWS SSO integration for centralized access management
Regular access reviews and automated credential rotation

Firebase Security

How is Firebase authentication secured? +

Our Firebase authentication includes:

Email/password authentication with strong password policies
Google OAuth integration for seamless sign-in
Email verification required for all new accounts
Password reset protection with secure token validation
Account lockout after failed login attempts
Session management with automatic timeout

What Firebase security rules are in place? +

Our Firestore security rules:

User-based data isolation — users can only access their own data
Role-based permissions for admin and team access
Field-level validation to prevent malicious data
Rate limiting to prevent abuse
Audit logging for all database operations

How is Firebase data protected? +

Firebase provides enterprise-grade security:

Automatic HTTPS encryption for all connections
Identity and Access Management (IAM) integration
Data residency in secure Google Cloud data centers
Backup and disaster recovery with 99.95% uptime SLA

Third-Party Integrations

How secure are integrations with Salesforce, HubSpot, and Gmail? +

All integrations use industry-standard security:

OAuth 2.0 authentication — we never store your passwords
Scoped permissions — we only request access to necessary data
Token encryption and secure storage
Automatic token refresh to minimize exposure
Revokable access — you can disconnect anytime

What happens to my integration data if I disconnect? +

When you disconnect an integration:

Tokens are immediately revoked and deleted
Cached data is purged within 24 hours
Access logs are maintained for compliance (metadata only)
You can reconnect anytime without data loss

Do you share data with third parties? +

We do not sell or share your data with third parties except:

Service providers (AWS, Firebase) under strict data processing agreements
Legal requirements when compelled by valid legal process
With your explicit consent for specific features or integrations

Compliance & Certifications

What compliance standards does MineMe meet? +

We are compliant with:

CASA

Note: All locations where our data is stored and our pipelines operate are within SOC2 approved systems.

How can I request my data or have it deleted? +

You have full control over your data:

Data export: Request a complete export of your data anytime
Data deletion: Request permanent deletion of your account and data
Data portability: Export data in standard formats (JSON, CSV)
Response time: We respond to all requests within 30 days

Where can I report security issues? +

Please report security concerns to:

Email: archana@minemedata.com
Bug bounty: We run a responsible disclosure program
Response time: We acknowledge reports within 24 hours
Updates: We provide regular updates during investigation

Contact & Support

Who can I contact for security questions? +

Our security team is available:

Email: archana@minemedata.com
Enterprise support: Available 24/7 for enterprise customers
Documentation: Detailed security guides in our knowledge base
Regular updates: Security newsletters and product announcements

How often do you update security practices? +

We continuously improve security:

Monthly security reviews and updates
Quarterly penetration testing by third-party security firms
Annual compliance audits and certifications
Immediate patching for critical vulnerabilities
Regular training for all engineering staff