MindManager is committed to upholding the highest industry standards for privacy and security.
We enforce strict policies and access controls to protect PII, ensuring confidentiality and compliance with regulations.
Our processes cover business continuity, incident and vulnerability management, change control, and regular penetration testing to address risks and ensure reliable service delivery.
We implement SSO and industry-standard authentication protocols to streamline access management and enhance security.
We use advanced encryption for data in transit and at rest to maintain confidentiality and integrity.
We have comprehensive backup and recovery strategies to minimize data loss and ensure rapid restoration in emergencies.
Our offline solution allows secure access to data in high-security environments, providing a competitive advantage in data accessibility and security.
We are GDPR, SOC 2, and SOC 3 compliant.
For more information on the compliance that comes from our Amazon Web Services (AWS) implementation, you can visit: https://aws.amazon.com/compliance/programs/
Amazon Cognito is HIPAA eligible and compliant with PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001.
We offer enterprise-grade security features, scalability, and compliance frameworks to confidently meet the diverse needs of large organizations.
No, MindManager can be configured to run entirely offline, allowing you to store all your data locally on your computer or firewalled network. While this may be a good option for organizations with higher-security needs, the offline version does not support cloud collaboration features like co-editing, sharing, MindManager Snap, publishing, MindManager Web, or MindManager for Microsoft Teams.
No, but if your organization requires one of these certifications to store data in cloud applications, MindManager can be configured to run entirely offline, allowing you to store all your data locally on your computer or firewalled network. This may eliminate the need for these certifications as your data can be governed under your existing security policies for data in your organization's local network.
See our privacy policy for details on what is stored.
See our privacy policy for details on how we use your account data.
See our security and architecture document for more information.
Yes, many features that could pose a security risk can be individually disabled in the administration interface and/or when deploying the software. This allows your organization to fine-tune the level of risk you wish to take. For example, if your organization only uses Microsoft services, you can disable all cloud storage locations except OneDrive and SharePoint.
MindManager is primarily document-based. MindManager Maps can be stored on local and global network drives.
MindManager also offers secure map storage and sharing via MindManager Files, our integrated cloud storage for MindManager maps. Maps are stored on AWS Frankfurt and AWS Dublin for hot backup and swap over.
In addition, there are third-party integrations with Microsoft SharePoint, OneDrive, Box, Dropbox, and Google Drive. For co-editing, maps are temporarily moved to the MindManager co-editing service (AWS Frankfurt and AWS Dublin for hot backup and swap over). Use of these integrations is optional and requires the availability of, and authentication to, these platforms.
MindManager Files and third-party integrations can be disabled in the MindManager administration portal.
No, but if your organization requires US-based data centers, MindManager can be configured to run entirely offline, allowing you to store all your data locally on your computer or firewalled network. This may eliminate the need for a US-based data center as your data can be governed under your existing security policies for data in your organization's local network.
Yes, maps stored in MindManager Files can be saved locally, on global network drives, or through third-party integrations with Microsoft SharePoint, OneDrive, Box, Dropbox, or Google Drive.
A secure multi-tenant environment separates all customer data via AWS. Each tenant's data is identified by ID, and all data is divided based on tenant ID.
Yes, you can set up MindManager to allow sign-in using your existing identity provider. This means your employees' MindManager accounts will adhere to your security policies, including multi-factor authentication (MFA). MindManager supports integration with the following single sign-on (SSO) solutions: Microsoft Entra ID (formerly Microsoft Azure) with OpenID, Google GSuite with OpenID, Microsoft Entra ID (formerly Microsoft Azure) with SAML, and Okta with SAML.
MindManager has a comprehensive disaster recovery plan that includes:
The disaster recovery plan is tested annually. An automated system performs full backups weekly and incremental or perpetual incremental backups daily. MindManager employs a hot-standby strategy between two geographically distributed AWS locations in the EU (Frankfurt and Dublin).
Role-Based Access Control (RBAC) controls access to all infrastructure environments. RBAC operates on the principles of least privilege and need-to-know, ensuring that only authorized personnel have the necessary access to perform their job functions.