Security

Last updated: August 16, 2023

Audits and monitoring

Minimum has successfully completed a SOC 2 Type II audit without any identified exceptions. We work with a third party to conduct annual penetration tests, assessing the security of our web application and cloud infrastructure.

Authentication

Minimum offers support for Single Sign-On authentication and provides alternative authentication methods including Magic Link authentication via email and password-based authentication.

We store passwords hashed with the bcrypt algorithm, using a unique salt for each password, to resist brute-force attempts and rainbow table attacks.

Data security

We prioritize data security by implementing encryption during data transmission and at rest. Our approach involves TLS 1.2+ to secure HTTP traffic, and AES-256 encryption to protect data stored within Amazon Web Services.

Audit logs

At Minimum, we diligently maintain comprehensive audit logs covering our infrastructure and critical actions within the Minimum product. These logs are meticulously structured and retained for a minimum duration of 30 days.

Secure SDLC

Security is an integral part of our software development process at Minimum. We consider security risks and decisions right from the initial stages of requirements definition and design, continuing through implementation, deployment, and ongoing operations. Our commitment to security is evident in our code review and pull request procedures, which are supplemented by automated scanners that identify vulnerabilities within open source dependencies.