Security & Privacy

How We Access and Store Data

For minware to access your data, you start by installing a marketplace application (available for GitHub and Jira) or providing minware with an access token (for other data sources).

minware then runs an ingest task that connects to vendor APIs, reads raw data, transforms it, and stores it in our Snowflake data warehouse.

For enterprise customers, an on-premise ingest agent is available that will upload data to a shared storage location so that access tokens never leave your network and you don't need to open up the firewall to self-hosted services.

Finally, you can access your data through reports in the minware web application.

Secure From Day One

minware was designed and built securely from day one. We are obligated to protect our customers' sensitive data with the same level of care that they apply themselves, without exposing them to additional risk.

We also understand that compliance frameworks like SOC 2 are only a starting point. We are committed to securing your data above and beyond what is required for compliance by:

  • Using modern frameworks and languages like TypeScript, React, and GraphQL that protect against many common vulnerabilities.
  • Delegating authentication to Auth0, which provides best-in-class authentication security.
  • Walling off each customer's data in its own schema in our data warehouse (Snowflake). This makes it easy to perform authorization checks at the schema level and delete all data with a single query to ensure that your data remains private.
  • Storing API secrets in encrypted vaults that cannot be accessed from the web application after they are initially written and can only be read by ingest tasks.
  • Hashing source code during the ingest process so that we never store your source code in our systems.
  • Following all the other standard security best practices, like locking down admin access to production and using least-privilege firewall rules that block network access to databases and API ingest tasks.

If you would like more details about our architecture, please contact us; we are happy to share them.

Compliance and Policies

Our security and privacy practices follow the widely accepted SOC 2 compliance framework.

We have completed a SOC 2 Type 2 audit and certification.

A detailed system description of minware including a list of our subservice providers is available here. Our SOC 2 Type 2 report is available here.

Additionally, our privacy policy describes how we store and use personal data.

Please contact us if you would like more detailed information about our security policies or compliance reports.