Minefy logo Minefy
Privacy Terms Security AI Notice Contact

Security

Security Overview

Minefy is designed around tenant-isolated customer workspaces, organization-based authentication, role-based access control, private storage, audit logging, encrypted transport, and production configuration checks.

Last updated: 20 May 2026

Approach

Security approach

Minefy's security approach is based on:

  • Tenant-isolated customer workspaces.
  • Organization-based authentication.
  • Role-based access control.
  • Private storage controls.
  • Encrypted transport.
  • Audit logging and security logging.
  • Monitoring and production configuration checks.
  • Controlled access to customer data.
  • Customer-controlled user invitations and roles.
  • Noindex controls for app, admin, and API surfaces.
  • Human review of planning and AI-assisted outputs.

Minefy's security practices, controls, and infrastructure may evolve as the service develops, customer requirements change, and new risks are identified.

Isolation

Customer workspace isolation

Customer workspaces are intended to be logically separated by organization and access permissions. Users may access only the organizations, workspaces, and data for which they have been authorized.

Minefy applies access controls intended to prevent one customer organization from accessing another customer organization's data.

Access

Authentication and access control

Minefy uses Auth0 for authentication and identity-related functionality. Access rights may be based on organization membership, user role, workspace permissions, administrative privileges, and customer configuration.

Customers are responsible for managing their own users, invitations, roles, internal approvals, and offboarding processes.

Data

Encryption, storage, and logging

Minefy uses encrypted transport for communications with the service. Customer data is stored using private and access-controlled infrastructure.

Minefy may maintain logs for authentication events, access events, administrative actions, security events, errors, system health, auditability, and troubleshooting. Logs are used to maintain service reliability, investigate incidents, detect suspicious activity, and support customer security needs.

AI

AI security and data minimization

When AI-assisted features are used, relevant prompts, planning context, workspace information, and related data may be sent to OpenAI to generate the requested output.

Minefy aims to limit AI requests to the context reasonably needed for the requested assistance. Customers should configure internal policies for AI use and avoid submitting unnecessary sensitive personal data, legally restricted information, or highly confidential safety-critical data through AI prompts unless approved under the customer's own policies.

Indexing

Public indexing

Minefy's public marketing website may be indexable by search engines. Customer tenant applications, app surfaces, admin surfaces, and API surfaces are not intended for public indexing.

Minefy uses noindex controls for non-public app, admin, and API surfaces where appropriate. Noindex controls are not a substitute for authentication, authorization, or access control.

Reports

Security reports

Security reports can be sent to: [email protected].

Please include enough detail to reproduce and understand the issue, such as affected URLs, steps to reproduce, expected and actual behavior, and potential impact. Do not access, modify, delete, copy, or disclose customer data when reporting a security issue. Do not perform disruptive testing without written authorization.