Managing PrivacyOps without Compromising on Security

Your company's security and privacy are our top priority.
Learn how we accomplish that below.

Vigilance

We constantly challenge our own security & safeguards with sophisticated penetration tests and a responsible disclosure rewards program.

SSDLC Framework

Our software lifecycle is security-focused. We consider security at every stage of the product development process.

Data Minimization

Our policy is to collect the bare minimum amount of data necessary to fulfill requests or prepare reports for an upcoming audit.

Complexities of Privacy Tech and Regulation in a Data-Saturated Reality

Required Access

It is an inherent requirement to grant access across your tech stack in order to discover and map personal data across it, as well as execute data subject access and erasure requests. We hold ourselves to the most stringent security standards with any type of access or connection.

Sensitive Data

Consumers have the right to download any personal information you have about them under data privacy regulations. To protect this data, we ensure it is not intercepted in transit and that it is only sent to the right person.

Compliance, Security & Regulatory Standards

MineOS operates with certifications for ISO/IEC 27001:2013 and SOC 2 Type 2.

Our Security Promise

Operational Security

  • Our Site Reliability Engineers (SRE) are tasked with the operational aspects of our business and ensure information security.
  • All machines that run our infrastructure are kept up to date and patched automatically. Software installations are strictly limited and controlled. Access to these machines is restricted only to relevant members of the teams.
  • Our organization’s Development, Test, and Operational systems are separated.
  • We enforce best practices such as encrypting storage media, using two-factor authentication (2FA), requiring strong passwords, and configuring systems to lock after a short period of time. Additionally, all communication takes place over encrypted channels using modern, strong encryption.

Mine Employees

  • All staff machines must comply with our Confidentiality Policy, which includes a requirement to “take all reasonable measures to protect security and prevent unauthorized access or disclosure of all confidential information”.
  • We provide periodic security training and tests for all employees.
  • Our office has 24-hour security and cameras, and requires a biometric lock for access.
  • We have a thorough employee termination/access removal process.

Application Security

  • All data is encrypted in transit and at rest with modern encryption, and outdated ciphers and protocols are disabled.
  • We also contract a reputable third party for annual security audits and penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
  • We keep full audit logs and have monitors and alerts for any suspicious activity.

Data Center Security

  • Mine was specifically built around compliance with the EU General Data Protection Regulation (GDPR) (http://www.eugdpr.org/).
  • Our data centers are all located inside the EU (Western Europe).
  • We host our infrastructure on Google Cloud Platform (https://cloud.google.com/security/).

3rd Party Data Source Integrations: Protocols

  • Our Site Reliability Engineers (SRE) are tasked with the operational aspects of our business and ensure information security.
  • All machines that run our infrastructure are kept up to date and patched automatically. Software installations are strictly limited and controlled. Access to these machines is restricted only to relevant members of the teams.
  • Our organization’s Development, Test, and Operational systems are separated.
  • We enforce best practices such as encrypting storage media, using two-factor authentication (2FA), requiring strong passwords, and configuring systems to lock after a short period of time. Additionally, all communication takes place over encrypted channels using modern, strong encryption.

3rd Party Data Source Integrations: Permissions

When integrating with a 3rd party SaaS to automate request handling, Mine uses the minimal set of permissions required to operate. Such operations include:

  • Search for objects that belong to a user by email/id
  • Retrieve such objects
  • Delete/anonymize such objects

Responsible Disclosure Rewards Program

We understand the hard work that goes into security research. To show our appreciation for researchers who help us keep our users safe, we operate a reward program for responsibly disclosed vulnerabilities. Mine rewards the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or accessing another user’s private data).

A minimum reward of $100 USD may be provided for the disclosure of qualifying reports. At our discretion, we may increase the reward amount based on the severity of the report. If you report a vulnerability that does not qualify under the above criteria, we may still provide a non-monetary reward in the form of Mine merchandise if your report causes us to take specific action to improve our security posture.

We ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately, with reasonable time to respond, and your research must avoid compromising other users and accounts or causing the loss of funds that are not your own. We do not reward denial of service, spam, or social engineering vulnerabilities.

For submission guidelines see: OWASP Vulnerability Disclosure Cheat Sheet

Read the full scope, criteria, and restrictions in our help center.

Trusted by companies around the world
"Streamlining complex privacy compliance"
“Great team, tackling an important challenge in privacy, and taking a data-driven approach.”
Posted on G2
"Implementing Mine for our company has saved 5+ hours of developer time each month"
“We're more confident than ever now in our audit logs + paper trail that we create around each request and we feel that we've finally found a Tech solution to match the level of legal team investment that we make in our privacy workflows.”
Posted on G2
"Easy to use software"
“Mine helps in managing customer data privacy requests by consolidating data from different databases and easily processing it as per requirement.”
Posted on G2
"Privacy compliance all in one location"
“As our privacy program matures we will continue to use more features available in Mine. Also, customer support has been excellent!”
Posted on G2
"Sleek and Simple"
“Mine's implementation was incredibly painless. Not having to involve other internal teams made the process fast and easy, and I could manage the lift on our side on my own. The solution performed up to my expectations, and the UX was clean and straightforward.”
Posted on G2
"A great product with great service"
“It helped us understand our risk exposure when it comes to regulations and is extremely helpful for data mapping. The platform is very intuitive to use and has a fun and playful UI. I love working on it.”
Posted on G2
"Innovative privacy tool with excellent support"
“But the reason we selected PrivacyOps is that it can detect shadow IT. Other vendors that I've talked to said that was an impossible task, and they have a clever and innovative way to do that.”
Posted on G2
"Excellent Product With Top-Notch Support"
“The automation is a huge win. It saves time and is very accurate. I also love the data source scan to see what vendors we are engaging with.”
Posted on G2
"InfoSec and PrivacyOps"
“There is nothing I dislike so far. I have been extremely happy with their product development momentum.”
Posted on G2
"Amazing automated data protection software"
“Helping us to stay compliant with data protection laws in the most automated and cost effective manner.”
Posted on G2
"They may be a recent entry into the space, but I think they’re the best"
“I find the user interface to be very intuitive. And their customer service is outstanding.”
Posted on G2
"Very user friendly, just as I expected it to be"
“The ability to detect data sources through employees' emails has been particularly useful for us, as it has allowed us to mitigate privacy risks before they become a problem. Overall, I would highly recommend Mine PrivacyOps.”
Posted on G2
"Support over Slack is fantastic"
"Mine PrivacyOps makes DSR handling insanely fast. We get data deletion requests (DSRs) from multiple channels, and now the entire flow is much easier than before.... In addition, the people at Mine are adding features on a weekly basis which is sometimes very helpful (depends if it’s a feature you needed or not)."
Posted on G2
"A Team Who Is There For You"
“The best part of the Mine system is its team members. They are always willing to help make sure that you are getting the most of their tool. The benefits for us have been seeing the interactions with cookies and fulfilling our customers' deletion/access requests in a faster and easier manner. This has helped reduce the bandwidth required for DSAR requests more than anything else.”
Posted on G2
"User-friendly and really cuts down time"
“The portal is intuitive to use and easy to navigate. Most importantly, the actual request handling processes from creation to closure is straightforward while having all of the sanity checks and confirmations that help ensure nothing is missed.”
Posted on G2
"Both the product and the team are amazing"
“We've been using it for a couple of months now and I couldn't recommend it more. The team is privacy obsessed and really treats you as a partner rather than a customer. Their product is super easy to integrate and is customizable to your systems.”
Posted on G2
"Mine was very user friendly, it was just as I expected it to be."
"I can confidently say that it is the best privacy automation solution on the market. Not only does it help us to stay compliant with ever-changing privacy regulations, but it also allows us to leverage privacy for marketing purposes."
Posted on G2
"We use Mine to find and delete risky data"
"With Mine’s data mapping, everything is done automatically (with AI). It helped us with finding shadow IT, systems redundancy and personal data that doesn’t belong to certain sources."
Posted on G2
"Mine reveals HIDDEN data sources"
“When Mine released their smart Data Mapping feature, we were thrilled...And oh boy, what did we find: Shadow IT, Data sources we forgot that even existed, Duplicate SaaS (redundancy).”
Posted on G2
"The privacy platform from the future"
“Mine PrivacyOps is extremely innovative. I couldn’t believe such easy solutions are available in the privacy space (which is usually very complex and technical). Their powerful AI that manages all incoming DSR/DSAR, along with the other AI for scanning all of our company’s data sources, are honestly magical.”
Posted on G2
"It’s damn impressive how fast we can close privacy requests"
“Mine offers many many features to make our lives easier when it comes to privacy (which is usually a headache). My company started using Mine because of the privacy requests we got from its users, now we discovered also data mapping and cookie consent management.”
Posted on G2
