Security Overview

Last Updated: October 14, 2019

Keeping user data safe and secure is a huge responsibility and a top priority for us. We are working hard to protect our users from the latest threats. This guide offers insight into the steps and measures we take to prevent, detect, and respond to information security threats, along with our disaster protection and recovery plans.
The role of our system security programme is to protect our users’ information by reducing the risk of loss of confidentiality, integrity, and availability of that information to an acceptable level.

Data protection and privacy

Data Location

Our primary data centers are in the European Union, more specifically in Germany. We also use Amazon AWS (Ireland) for backups. All data is written to multiple disks instantly, backed up daily and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.

A daily backup of all Mindomo data is encrypted using GPG and stored at Amazon in Ireland. Also, any user can opt to use the Google Drive, Dropbox and FTP integrations to back up their data: they can connect their Mindomo account with their Google Drive, Dropbox and/or FTP account and perform a daily backup of all mind maps.

Encryption in transit and at rest

Over public networks, we only send data using strong encryption. We use SSL certificates issued by Comodo RSA, RapidSSL CA. The connection uses 256-bit encryption. You can check our currently supported ciphers here:
Files and mind map data and messages aren’t encrypted at rest — they are active in our database and are subject to the same protection and monitoring as the rest of our systems. User passwords are hashed using bcrypt. Passwords created before Aug 2019 which were not updated are hashed using MD5.

Physical Security

Our state-of-the-art servers are hosted at, a professional and secure data center located in the heart of Nuremberg and in Falkenstein/Vogtland, Germany. Hetzner Online's two data center parks provide an excellent and environmentally-friendly infrastructure for our product. Multi-redundant network connections to important Internet exchanges ensure fast website access. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides extra protection against unauthorized entry and security breaches.

The data center is protected by video-monitored high-security perimeter fencing around the entire data center park:

Power Supply:

Climate Control:

DDoS Protection

Data deletion

All your content will be inaccessible immediately upon erasing. Within 30 days, all Mindomo content will be permanently deleted from all backups and logs. This information cannot be recovered once it has been permanently deleted. Our backups are stored off-site for a maximum of 30 days and our logs are kept for a maximum of 30 days.

Disaster Protection and Recovery

Load balancer

In order to ensure high availability in case of an imminent disaster, Mindomo provides load balancer failover capability. If one of the configured load balancers fails, the IP address is transferred to a new backup load balancer. External system services are used to manage the transfer of the IP address from the failed load balancer to the new load balancer node.

Application layer

The load balancer distributes the load of users to different application servers. Application servers are checked by the load balancer and if one of them fails, the load balancer re-routes users to an application server which is available. This mechanism is automatic and doesn't require user intervention.

Database layer

We use three types of data storage, which ensures safe and timely access to the user-generated content. We use an in-memory datastore for fast loading of user data, a MySQL database and a Cassandra cluster.

MySQL is configured with a Master-Slave architecture. If the master node fails, there is a procedure to reroute the traffic to one of the slave databases which hold the full copy of the master database.

By design, Cassandra is replicated and fault tolerant.

Systems Monitoring

Website performance monitoring

For website performance monitoring we use Pingdom. Our public status page for uptimes and response times is available at

System monitoring

System monitoring is provided by Prometheus, a powerful monitoring tool that detects problems and alerts our system administrators before they affect end-users and customers.

By using Prometheus, we:

How the monitoring system works:

System Administration

Due to all the sensitive data stored, our cloud system conforms to the following requirements:

1. System access is only possible with public-key authentication.

2. Each system uses the safest ciphers and key algorithms available.

3. Each system uses strict firewall rules.

4. We employ processes to ensure timely removal of a person’s access once that access is no longer required.


Over the past 10 years, we’ve seen many companies come and go. It looks like security is no longer only about technology, but that it is also about gaining the user’s trust. At Mindomo, we are always committed to meeting the requirements of our customers, and we are working hard every day to maintain their trust in our product and in our services. Longevity and stability are core to our mission at Mindomo.

Want to know more?

Please contact us at if you have any other security questions and we’ll get back to you as soon as possible.