Compliance

Compliance & Trust

Our commitment to data protection, regulatory compliance, and operational transparency.

Last updated: February 16, 2026

MineSync is an early-stage B2B platform serving mining operations. We are building our compliance program alongside the product — this page reflects our current practices and our roadmap for formal certifications.

Current Security Practices

Encryption in transit (TLS 1.2+) and at rest (AES-256)

Role-based access control with tenant-level isolation

Audit logging on all data mutations

Automated database backups with point-in-time recovery

Input validation at all API boundaries (tRPC + Zod)

Secure authentication via NextAuth.js

Dependency vulnerability scanning

72-hour breach notification commitment

Certification Roadmap

We are working toward formal certifications as our customer base and platform mature. Here is our planned timeline:

SOC 2 Type I

Security, availability, and confidentiality trust service criteria

Planned

SOC 2 Type II

Ongoing operational effectiveness audit

Planned

ISO 27001

Information security management system certification

Future

Data Privacy Regulations

GDPR

European Union

We process EU personal data in compliance with the General Data Protection Regulation. International transfers are protected by Standard Contractual Clauses (SCCs). Data subjects can exercise their rights by contacting privacy@minesync.ai.

CCPA / CPRA

California, US

California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Requests can be submitted to privacy@minesync.ai.

Data Residency

All Customer Data is stored in the United States. Our primary database runs on Neon in the US-East-1 region, and our application is served globally through Vercel's edge network. International data transfers for EU users are protected by Standard Contractual Clauses (SCCs).

Subprocessors

The following third-party providers process data on our behalf to deliver the MineSync service:

Provider	Purpose	Location
Vercel	Application hosting, edge delivery, and serverless functions	United States
Neon	Managed PostgreSQL database with automated backups	United States
Anthropic	AI language model provider for the AI Chat feature	United States

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) that covers GDPR and CCPA requirements. Contact legal@minesync.ai to request a copy.

Need Compliance Documentation?

We're happy to support your vendor review process with security questionnaires, architecture diagrams, or a call with our team.

Current Security Practices

Encryption in transit (TLS 1.2+) and at rest (AES-256)

Role-based access control with tenant-level isolation

Audit logging on all data mutations

Automated database backups with point-in-time recovery

Input validation at all API boundaries (tRPC + Zod)

Secure authentication via NextAuth.js

Dependency vulnerability scanning

72-hour breach notification commitment

Certification Roadmap

We are working toward formal certifications as our customer base and platform mature. Here is our planned timeline:

SOC 2 Type I

Security, availability, and confidentiality trust service criteria

Planned

SOC 2 Type II

Ongoing operational effectiveness audit

Planned

ISO 27001

Information security management system certification

Future

Data Privacy Regulations

GDPR

European Union

CCPA / CPRA

California, US

California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Requests can be submitted to privacy@minesync.ai.

Provider

Purpose

Location

Vercel

Application hosting, edge delivery, and serverless functions

United States

Neon

Managed PostgreSQL database with automated backups

United States

Anthropic

AI language model provider for the AI Chat feature

United States