Security Overview

Last Updated: June 22, 2022

Keeping user data safe and secure is a huge responsibility and a top priority for us. We are working hard to protect our users from the latest threats. This guide offers you an insight into the steps and measures that are being undertaken in order to prevent, detect, and respond to information security, disaster protection, and recovery plans.
The role of our system security program is to protect our users’ information by reducing the risk of loss of confidentiality, integrity, and availability of that information to an acceptable level.

Data protection and privacy

Data Location

Our primary data centers are in the European Union, more specifically in Germany. We also use Amazon AWS (Frankfurt, Germany) for backups. All data is written to multiple disks instantly, backed up daily and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.

A daily backup of all Mindomo data is encrypted and stored at Amazon in Frankfurt, Germany. Also, any user can opt to use the Google Drive, Dropbox and FTP integrations to backup his/her data. So, he/she can connect their Mindomo account with their Google Drive, Dropbox and/or FTP account and perform a daily backup of all mind maps.

Encryption in transit and at rest

Over public networks, we only send data using strong encryption. We use SSL certificates issued by Sectigo RSA, RapidSSL CA. The connection uses 256 bit for encryption. You can check our currently supported ciphers here: https://www.ssllabs.com/ssltest/analyze.html?d=mindomo.com&latestAny.
Customer content (files, mind map data and messages) is encrypted with AES 256bit at rest — they are active in our database and are subject to the same protection and monitoring as the rest of our systems. User passwords are hashed using bcrypt. Passwords created before Aug 2019 which were not updated are hashed using md5.

Physical Security

Our state-of-the-art servers are hosted at Hetzner.de, a professional and secure data center located in the heart of Nuremberg and in Falkenstein/Vogtland, Germany. Hetzner Online's two data center parks provide an excellent and environmentally-friendly infrastructure for our product. Multi-redundant network connections to important Internet exchanges ensure fast website access. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides extra protection against unauthorized entry and security breaches.

The data center is protected by video-monitored high-security perimeter fencing around the entire data center park:

Power Supply:

Climate Control:

DDoS Protection

Data deletion

All your content will be inaccessible immediately upon erasing. Within 30 days, all Mindomo content will be permanently deleted from all backups and logs. This information can not be recovered once it has been permanently deleted. Our backups are stored off-site for a maximum of 30 days and our logs are kept for a maximum of 30 days.

Disaster Protection and Recovery

Load balancer

In order to ensure high availability in case of an imminent disaster, Mindomo provides load balancer failover capability. If one of the configured load balancers fails, the IP address is transferred to a new backup load balancer. External system services are used to manage the transfer of the IP address from the failed load balancer to the new load balancer node.

Application layer

The load balancer distributes the load of users to different application servers. Application servers are checked by the load balancer and if one of them fails, the load balancer re-routes users to an application server which is available. This mechanism is automatic and doesn't require user intervention.

Database layer

We use three types of data storage, which ensures safe and timely access to the user-generated content. We use an in-memory datastore for fast loading of user data, a MariaDB database https://mariadb.org/ and a Cassandra http://cassandra.apache.org/ cluster.

MariaDB is configured with a Master-Master architecture. If one of the master node fails, the database driver will automatically reroute the traffic to another master node.

By design, Cassandra is replicated and fault tolerant.

Systems Monitoring

Website performance monitoring

For website performance monitoring we use Pingdom https://www.pingdom.com/ Our public status page for uptimes and response times is available at http://stats.pingdom.com/xja2xu2u4o0b/430732.

System monitoring

System monitoring is provided by Prometheus https://prometheus.io/ , a powerful monitoring tool that detects and alerts our system administrators before they affect end-users and customers.

By using Prometheus, we:

How the monitoring system works:

System Administration

Due to all the sensitive data stored, our cloud system conforms to the following requirements:

1. System access only possible with public-key authentication.

2. Each system uses the safest ciphers and key algorithms available.

3. Each system uses strict firewall rules.

4. We employ processes to ensure timely removal of a person’s access once that access is no longer required.

Conclusion

Over the past 10 years, we’ve seen many companies come and go. It looks like security is no longer only about technology, but that it is also about gaining the user’s trust. At Mindomo, we are always committed to meeting the requirements of our customers, and we are working hard every day to maintain their trust in our product and in our services. Longevity and stability is core to our mission at Mindomo.

Want to know more?

Please contact us at support@mindomo.com if you have any other security questions and we’ll get back to you as soon as possible.