🔐 Data Security
At Mind Your Now, protecting your data is our top priority. Learn about the measures we take to keep your information safe and secure.
Security Overview
We implement multiple layers of security:
- Encryption: All data encrypted in transit and at rest
- Authentication: Secure JWT-based authentication
- Authorization: Role-based access control
- Infrastructure: Secure cloud hosting
- Monitoring: 24/7 security monitoring
Data Protection Measures
Encryption
- In Transit: TLS 1.3 for all connections
- At Rest: AES-256 encryption for stored data
- Passwords: Bcrypt hashing with salt
- Tokens: Secure random generation
Authentication & Access
- JWT Tokens: Short-lived, secure tokens
- Session Management: Automatic timeout
- Password Requirements: Minimum complexity enforced
- Two-Factor Authentication: Coming soon
Infrastructure Security
- Cloud Hosting: Enterprise-grade providers
- Firewalls: Multiple layers of protection
- DDoS Protection: Automatic mitigation
- Regular Updates: Security patches applied promptly
Privacy by Design
Data Minimization
- Only collect necessary information
- No tracking of unnecessary data
- Regular data cleanup
- Anonymous analytics only
Access Controls
- Employees have minimal required access
- Regular access audits
- Logging of all admin actions
- Principle of least privilege
Third-Party Security
- Careful vendor selection
- Security reviews of integrations
- Limited data sharing
- Regular vendor audits
Your Security Options
Account Security
- Strong password requirements
- Secure password reset process
- Email verification
- Login notifications (coming soon)
Data Control
- Export your data anytime
- Delete your account permanently
- Control sharing settings
- Manage integrations
Privacy Settings
- Control household visibility
- Manage task sharing
- Configure notifications
- Set data retention preferences
Compliance & Certifications
Regulatory Compliance
- GDPR: Full compliance for EU users
- CCPA: California privacy rights
- COPPA: No accounts under 13
- App Store: Privacy guidelines met
Security Standards
- Regular security audits
- Penetration testing
- Vulnerability scanning
- Code security reviews
Incident Response
Our Process
- Detection: Automated monitoring
- Assessment: Immediate investigation
- Containment: Isolate affected systems
- Resolution: Fix vulnerabilities
- Communication: Notify affected users
- Review: Improve defenses
User Notification
If a breach affects you:
- Email notification within 72 hours
- Clear explanation of impact
- Steps to protect yourself
- Direct support contact
Best Practices for Users
Password Security
- Use unique, strong passwords
- Consider a password manager
- Never share your password
- Change if compromised
Account Protection
- Verify emails from us
- Report suspicious activity
- Keep email address updated
- Log out on shared devices
Integration Safety
- Review connected accounts
- Revoke unused integrations
- Understand permissions granted
- Regular audit of connections
Reporting Security Issues
Responsible Disclosure
Found a vulnerability? Please:
- Email [email protected]
- Include a detailed description
- Provide steps to reproduce
- Allow time for a fix
- Follow coordinated disclosure
Bug Bounty Program
Coming soon! Rewards for:
- Critical vulnerabilities
- Data exposure risks
- Authentication bypasses
- Other significant issues
Frequently Asked Questions
Q: Is my data encrypted? A: Yes, all data is encrypted both in transit (HTTPS) and at rest (AES-256).
Q: Who has access to my data? A: Only you and members of households you join. Our staff has minimal access for support only.
Q: How long is data retained? A: Active data is retained indefinitely while your account exists. Deleted data is removed after a 30-day grace period.
Q: Can I see what data you have? A: Yes! Use our Data Export feature to download everything.
Q: Do you sell my data? A: Never. We don't sell, rent, or share your personal data with third parties.
Security Updates
Recent Improvements
- Enhanced password requirements
- Improved session management
- Additional encryption layers
- Automated security scanning
Upcoming Features
- Two-factor authentication
- Login notifications
- Security checkup tool
- Enhanced audit logs
Contact Security Team
General Inquiries
- Email: [email protected]
- Response time: 24-48 hours
Urgent Issues
- Mark email as "URGENT"
- Include impact assessment
- Provide contact phone if critical
Related Resources
- Privacy Policy - Full privacy details
- Data Export - Download your data
- Account Deletion - Delete your account
- Terms of Service - Legal terms