The security of your data is of paramount importance to us. As software vendors and experienced practitioners ourselves, we understand the need for isolation and security for multiple reasons: to secure your information and to ensure a uniform quality of service for all our customers. That is why we implement multi-level security measures, as outlined in this document, to protect our customers' information.
We store your data in the repository appropriate to its type: transactional data in an Oracle database, attachments in S3, and temporary data in memcached. Wherever we store your data, we always isolate it from the data of other users. Sharing is great for carpooling but not when it comes to your project data. So each customer gets their own database schema to ensure that their data is never commingled with someone else's. And whenever we store data that needs to be long-lasting, we always back up your data so that it can be recovered in the event of a disaster.
We host Mingle on Amazon's AWS infrastructure, which means you can be assured that your data is housed at some of the most secure data centers in the world. Amazon's data centers have many security certifications. You can find out more about Amazon's security at http://aws.amazon.com/security/. Public network traffic is restricted to secure HTTP connections against our load balancers only. There is no direct public access to the application servers, database or other core services.
Having a secure network is of little value if the information you send us can be compromised. To keep your data safe during transmission, all data between your browser and server is transmitted using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure internet network connections.
Our backup and restore processes are designed to cope with large-scale failures or errors. We store data in AWS's database service (RDS) and their storage service (S3). RDS has a built-in backup mechanism, which we use, that allows us to restore from any point in time in the last week. S3 is intrinsically reliable, and AWS promises 99.999999999% durability.
Your access to Mingle will happen over a secure channel and any communication between your browser and Mingle will be secure. Each user has a unique user account and each project has specific project permissions that are granted by your Mingle administrators. For an overview of the roles that are available and how they are applied, please see: /mingle/docs/user_roles.html. Mingle's database authentication encrypts passwords using SHA2 and a per-user salt to ensure that your passwords are also safe with us.
Global business never sleeps, so we built a system that's up more than 99% of the time. We believe in transparency, so we've created a page where you can see our uptime for yourself: http://www.thoughtworks.com/mingle/status/. We perform regular system upgrades to make sure that you always have the most recent features and security updates. Under normal circumstances you won't notice any downtime during a system upgrade. However, there are occasions when we need to schedule downtime for major upgrades and maintenance. Currently we reserve a 15-minute window each Friday at 9pm Pacific Time for major upgrades. Upgrades that require scheduled downtime are rare, so it is unlikely that we will use this time window, but rest assured that we will provide notice well in advance of any scheduled downtime.
Our infrastructure is updated regularly with the latest security patches. Our web application also undergoes yearly web application security audits. A copy of our most recent web application security audit is available on request.
Have you noticed any issues with your site? Please contact our support team to report any issues.