Security
Mina Pro handles sensitive mortgage and borrower data. Security is built into how the platform is designed, hosted, and operated. This page summarizes our practices.
Infrastructure
The platform runs on Amazon Web Services in the United States. We use managed AWS services for compute, storage, and databases, benefiting from the physical and environmental security of AWS data centers. Infrastructure is defined as code and deployed through controlled, repeatable processes.
Encryption
- In transit: all traffic to the platform is encrypted using TLS.
- At rest: data stored in our databases and document storage is encrypted at rest.
- Documents: uploaded loan documents are stored in access-controlled object storage.
Authentication and access control
User authentication is managed through Amazon Cognito, supporting email and password sign-in and federated sign-in. Access to data within the product is governed by organization membership and role-based permissions, so users see only the loan files appropriate to their role. Backend authorization is enforced on every request using verified identity tokens, independent of client-side controls.
Tenant isolation
Mina Pro is multi-tenant. Each organization’s data is logically separated, and requests are scoped to the requesting organization so that data is not shared across tenants.
Monitoring and logging
We log application and infrastructure activity and monitor for errors and anomalous behavior. Audit history is maintained for key actions on loan files to support traceability.
Secrets and credentials
Application secrets and third-party credentials are stored in a managed secrets service rather than in code, and access is restricted to the systems that require them.
Data handling and privacy
How we collect and use data is described in our Privacy Policy, and how we process data on behalf of customers is described in our Data Processing Addendum. We do not use borrower loan data to train general-purpose AI models.
Responsible disclosure
We welcome reports from security researchers. If you believe you have found a vulnerability, please email security@minapro.io with details so we can investigate. Please do not access or modify data that does not belong to you, and give us a reasonable opportunity to remediate before public disclosure.
Contact
For security questions, contact security@minapro.io.
