Security at Mindsmith

Mindsmith is dedicated to creating the future of learning. As such, we commit to providing a secure and highly available platform in order to help organizations facilitate learning. This document highlights the steps we take to ensure the security of you and your learners.

Protecting Customer Data

Mindsmith respects your privacy and the privacy of your learners by implementing industry-standard best practices in security. Mindsmith’s underlying systems are hosted by Amazon Web Services (AWS), a global leader in data protection.

Learn more about the security and compliance of our underlying systems.

Your data is not used to train or improve AI models. See OpenAI API usage policies.

Access Controls

Mindsmith maintains strict policies ensuring the privacy of our customers. Developers are only allowed access to data to fix issues and improve the service. Security and compliance trainings are held annually; we thoroughly vet and train new members on security best practices and policies.

Physical Security Controls

Mindsmith servers are located in SOC 1, SOC 2 and ISO 27001-certified data centers in the United States. Mindsmith’s underlying data centers are safeguarded by round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

Network and System Security

When you visit the Mindsmith website or use the Mindsmith platform, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. Transmission of data between our servers is also protected by 256-bit TLS encryption. At rest, Mindsmith encrypts data using AES-256.

Secure Architecture

Mindsmith uses a serverless architecture, which eliminates many infrastructure management risks. All security updates, vulnerability testing, and firewalling are managed by our underlying infrastructure provider, AWS.

Testing

Mindsmith thoroughly tests our endpoints for security vulnerabilities in a separate environment before they are deployed to production.

Data Storage

Mindsmith uses state-of-the-art techniques and services to ensure high availability of our services even if a disaster were to occur.

High Availability

Mindsmith’s serverless architecture means that our endpoints are highly resilient to server crashes and outages. State-of-the-art database sharding is used to provide high availability and access to data even in the event of multiple system failures.

Backups and Redundancy

We store all data across multiple centers to ensure high availability and reliability. All production data is backed up daily; backups are encrypted and stored in various locations and retained for two days.

Compliance

FERPA Compliance

Mindsmith has taken the necessary steps to be compliant with United States regulations regarding educational data. Mindsmith can integrate with learning systems anonymously with no need to transfer personally identifiable information (PII) of learners.

Additional Questions or Concerns

Please send any inquiries regarding security or compliance to security@mindsmith.ai