Security
Security Overview
Minefy is designed around tenant-isolated customer workspaces, organization-based authentication, role-based access control, private storage, audit logging, encrypted transport, and production configuration checks.
Last updated: 20 May 2026
Approach
Security approach
Minefy's security approach is based on:
- Tenant-isolated customer workspaces.
- Organization-based authentication.
- Role-based access control.
- Private storage controls.
- Encrypted transport.
- Audit logging and security logging.
- Monitoring and production configuration checks.
- Controlled access to customer data.
- Customer-controlled user invitations and roles.
- Noindex controls for app, admin, and API surfaces.
- Human review of planning and AI-assisted outputs.
Minefy's security practices, controls, and infrastructure may evolve as the service develops, customer requirements change, and new risks are identified.
Isolation
Customer workspace isolation
Customer workspaces are intended to be logically separated by organization and access permissions. Users may access only the organizations, workspaces, and data for which they have been authorized.
Minefy applies access controls intended to prevent one customer organization from accessing another customer organization's data.
Access
Authentication and access control
Minefy uses Auth0 for authentication and identity-related functionality. Access rights may be based on organization membership, user role, workspace permissions, administrative privileges, and customer configuration.
Customers are responsible for managing their own users, invitations, roles, internal approvals, and offboarding processes.
Data
Encryption, storage, and logging
Minefy uses encrypted transport for communications with the service. Customer data is stored using private and access-controlled infrastructure.
Minefy may maintain logs for authentication events, access events, administrative actions, security events, errors, system health, auditability, and troubleshooting. Logs are used to maintain service reliability, investigate incidents, detect suspicious activity, and support customer security needs.
AI
AI security and data minimization
When AI-assisted features are used, relevant prompts, planning context, workspace information, and related data may be sent to OpenAI to generate the requested output.
Minefy aims to limit AI requests to the context reasonably needed for the requested assistance. Customers should configure internal policies for AI use and avoid submitting unnecessary sensitive personal data, legally restricted information, or highly confidential safety-critical data through AI prompts unless approved under the customer's own policies.
Indexing
Public indexing
Minefy's public marketing website may be indexable by search engines. Customer tenant applications, app surfaces, admin surfaces, and API surfaces are not intended for public indexing.
Minefy uses noindex controls for non-public app, admin, and API surfaces where appropriate. Noindex controls are not a substitute for authentication, authorization, or access control.
Reports
Security reports
Security reports can be sent to: [email protected].
Please include enough detail to reproduce and understand the issue, such as affected URLs, steps to reproduce, expected and actual behavior, and potential impact. Do not access, modify, delete, copy, or disclose customer data when reporting a security issue. Do not perform disruptive testing without written authorization.