
Security & Trust

Learn about GuidedMind's security practices, data protection, and compliance status.

Our Commitment to Security

At GuidedMind, security is not an afterthought — it's foundational to everything we build. Our platform is designed and operated following industry-standard security frameworks, with SOC 2 Type II compliance currently in progress. All required security controls are already implemented and operational. We are currently awaiting the final audit verdict from our independent auditing firm.

SOC 2 Compliance Overview

SOC 2 Type II is an industry-standard report that evaluates how a service provider manages your data across security, availability, processing integrity, confidentiality, and privacy criteria.

Current Status

All required security controls are implemented and in place. Our SOC 2 Type II audit is currently in progress with an independent auditing firm, and we will publish our audit results upon completion.

Trust Service Criteria

We address the following areas:

  • Logical Access Controls — Who can access your data and how
  • Authentication — How we verify user identity
  • Authorization — How we enforce access permissions
  • Encryption — How we protect data at rest and in transit
  • System Monitoring — How we detect and respond to security events
  • Incident Response — How we handle security incidents

Security Controls Summary

Security Domain | What We Do
Authentication | Secure session management with industry-standard OAuth providers and token-based authentication
Data Encryption | Enterprise-grade encryption for data at rest and in transit
Access Control | Role-based access control with principle of least privilege
API Security | Secure API key management with hash-based storage and rotation support
Network Security | TLS encryption for all data in transit
Monitoring & Logging | Comprehensive audit logging and security event monitoring
Incident Response | Documented incident response procedures with defined escalation paths
Vulnerability Management | Regular security scanning, dependency monitoring, and patch management

Data Protection

Your data is encrypted both in transit and at rest using industry-standard encryption protocols. Each customer's data is logically isolated, ensuring strict separation. We never use your data for model training without your explicit consent.

Data Lifecycle

  • In Transit: All data is encrypted using TLS
  • At Rest: Database and storage encryption enabled
  • Isolation: Customer data is logically separated
  • Retention: Clear data retention and deletion policies
  • Privacy: No data used for model training without consent

Security Architecture

Our architecture follows a defense-in-depth approach with multiple security layers protecting your data at every stage. Each layer provides independent protection, ensuring that no single point of failure compromises your information.

Compliance Status

Standard | Status
SOC 2 Type II | In Progress — All controls implemented, awaiting audit verdict

We are committed to maintaining the highest security and compliance standards. Our SOC 2 Type II audit is currently in progress, with all required controls already implemented and operational. We will publish our audit results upon completion.

Security Best Practices for Customers

While we implement comprehensive security measures, security is a shared responsibility. We recommend the following best practices to maintain the security of your account:

  • Use strong, unique passwords for your account
  • Rotate API keys regularly
  • Monitor your account for unusual activity
  • Report security concerns immediately

Security Contact and Responsible Disclosure

If you discover a security vulnerability in our platform, we encourage you to report it responsibly. We take all security reports seriously and commit to responding promptly.

Contact: security@guidedmind.com

We appreciate good-faith security research and will not pursue legal action against researchers who follow responsible disclosure practices.