Legal
Security
Last updated: July 9, 2026
This page is maintained by SocialMynt to describe the security practices in place for the Service. It is not a certification and does not create additional contractual commitments beyond our Terms and any signed order.
Hosting & infrastructure
The Service runs on reputable cloud infrastructure providers with physical, network, and platform security controls. Application traffic is served over HTTPS with modern TLS. Production data is stored in managed databases with encryption at rest.
Authentication & access
- Passwords are stored as salted, one-way hashes; we never store them in plaintext.
- Access to production systems is restricted to authorized personnel and requires MFA.
- Row-level authorization is enforced so users can only access data associated with their account.
Data protection
- Encryption in transit (TLS) and at rest for stored data.
- Payment credentials are handled by PCI-compliant processors; we do not store full card or bank credentials on our own servers.
- Automated backups with tested restore procedures.
Application security
- Peer code review and automated dependency scanning on every change.
- Environment isolation between development, staging, and production.
- Logging and monitoring for anomalous account and payout activity.
Compliance roadmap
We are actively working toward independent third-party attestations (such as SOC 2). This page will be updated when reports become available; if you need current status for procurement, email security@socialmynt.com.
Report a vulnerability
We appreciate responsible disclosure. Please email security@socialmynt.com with a proof-of-concept and reproduction steps. Please do not publicly disclose an issue until we have had a reasonable opportunity to remediate it. We will not pursue legal action against good-faith research conducted under these guidelines.