MineSync LogoA simple block letter M
MineSync.ai
FeaturesProducts
LoginGet Started
Security

Security at MineSync

We protect your data with industry-standard encryption, strict access controls, and infrastructure-level security.

Last updated: February 16, 2026

Encryption

All data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by our infrastructure providers — Vercel for application hosting and Neon for PostgreSQL database storage — using AES-256.

Authentication & Access Control

User authentication is handled via NextAuth.js with secure session management. The platform enforces role-based access control (RBAC) with granular permissions, ensuring users only access data within their tenant.

Infrastructure

MineSync is hosted on Vercel's edge network with automatic DDoS protection and global CDN distribution. Our database runs on Neon's managed PostgreSQL with automated backups and point-in-time recovery.

Multi-Tenant Isolation

Every database query is scoped to the authenticated tenant. Tenant isolation is enforced at the application layer through middleware and at the data layer through mandatory tenantId filtering on all operations.

Audit Logging & Monitoring

All data mutations are recorded in an audit log with user identity, timestamp, and change details. We use structured logging and monitoring to detect and respond to anomalous activity.

Backups & Recovery

Database backups are performed continuously by Neon with point-in-time recovery support. Backups are stored in a separate geographic region from the primary database.

Application Security

MineSync is built with Next.js and TypeScript, with all API endpoints validated through tRPC and Zod schemas. Input validation is enforced at every boundary to prevent injection attacks. Dependencies are regularly audited for known vulnerabilities.

AI & Data Processing

The AI Chat feature processes queries in real time using third-party AI providers. We contractually prohibit our providers from using your data for model training. Prompts are scoped to the authenticated tenant's data and are not shared across organizations.

Employee Access

Access to production systems is restricted to essential personnel on a need-to-know basis. All production access is logged. We do not access Customer Data unless explicitly requested by the customer for troubleshooting purposes.

Incident Response

In the event of a security incident, we will notify affected customers within 72 hours of confirmation, in compliance with GDPR requirements. Our incident response process includes identification, containment, remediation, and post-incident review.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@minesync.ai. We ask that you give us a reasonable window to address the issue before public disclosure. We do not pursue legal action against good-faith security researchers.

Have Security Questions?

Our team is happy to discuss our security practices, provide documentation for your vendor review, or address specific concerns.

Contact Security Team
MineSync LogoA simple block letter MMineSync.ai

Agentic AI for mine asset management. Transform your fleet operations with intelligent automation.

Request a Demo →

Products

  • Lifecycle
  • Scheduler
  • Benchmark
  • AI Chat
  • Admin

Company

  • About
  • Blog
  • Careers
  • Changelog
  • Contact

Resources

  • Documentation
  • Roadmap
  • Support
  • Status

Legal

  • Privacy
  • Terms
  • Security
  • Compliance

© 2026 MineSync.ai. All rights reserved.

Built with ❤️ for the mining industry