MinuteBox is more than Software as a Service

MinuteBox safeguards your information with enterprise-grade encryption, strict access controls and continuous monitoring. All data is stored in secure, compliant cloud environments and protected by regular third-party audits. We follow industry best practices to ensure your data remains private, reliable and accessible only to authorized users.

At MinuteBox, our philosophy is to build tools and services that exceed industry standards and expectations. We don't cut corners—when we talk about security, we mean much more than preventing unauthorized users from accessing your data. Security means ensuring you can access your data when and where you need it, without concern about data loss or accessibility.

We ensure the integrity of your data and information throughout the entire lifecycle of our end-to-end solution. This includes secure storage, reliable accessibility, protection against data loss and maintaining data integrity from the moment it enters our system until you no longer need it.

Every aspect of MinuteBox begins with security in mind. Our security features include: end-to-end security, SOC-2 cloud hosting, HTTPS content security policy, FIDO/U2F authentication, multi-factor authentication, BoringSSL encryption, DMARC email validation, DomainKeys Identified Mail (DKIM) and a vulnerability disclosure stipend program. Some security features are only available with a Service Level Agreement (SLA).

Industry-leading data security begins long before we ever look at bits and bytes. We've created a strong foundation from the moment we first encounter your confidential data. Redundant, independent and arms-length safeguards help keep your data secure. This includes our Information Security Policy which creates strong data practices and procedures, dedicated security professionals and regular third-party audits to ensure data is protected from threats.

MinuteBox maintains SOC 2 Type II, ISO 27001, ISO 27017 and ISO 27018 certifications for managing information risks, controlling cloud-based information security and protecting personally identifiable information. These certifications ensure security, availability, processing integrity, confidentiality and privacy controls. Our infrastructure is built on Google Cloud Platform, which provides additional world-class security and highly secure data centres.

We conduct advanced, independent security testing across our entire platform. This includes automated penetration tests, a comprehensive Content Security Policy that leaves no HTTPS security header overlooked and RSA 2048-bit SSL certificates that receive an A rating from Qualys SSL Labs.

Great platform security depends on great user security. At MinuteBox we employ the strongest standards for user identification and verification, including multi-factor authentication, FIDO hardware key support and granular user permissions to control access at every level.

Great data security necessarily requires great data integrity. At MinuteBox, we take great strides to ensure your data is not only always secure but also always available. We offer guaranteed 99.9% uptime with industry-leading fault tolerance and the highest levels of service availability. Our Information Security Policy ensures the security of data at every step of the process, detailing every aspect of how MinuteBox interacts with your sensitive data. Our advanced Audit Logging features monitor and track every change on our platform in a secure and immutable audit trail.

There's no point in securing your data if you cannot access it. At MinuteBox, we've developed mechanisms to ensure the highest levels of data accessibility so you can work when and where you want. Our comprehensive Disaster Recovery Policy ensures that MinuteBox is up, running and accessible when you need it, even when disaster strikes.

You are in complete control of your data. All data is encrypted at rest and in transit. Our granular user permissions allow you to add and control users with limited privileges, and our advanced sharing technology lets you securely share any document or piece of information with selected individuals.

Every employee at MinuteBox is screened in advance of employment. Our screening process includes background checks, employment verification, education verification and reference verification.

Yes, MinuteBox employs a Vulnerability Disclosure Program (VDP) designed to encourage security researchers to disclose system vulnerabilities directly to us. We operate a stipend program to show our appreciation to researchers who responsibly disclose vulnerabilities. If you believe you've discovered a security bug, please contact our security team. We request that you not publicly disclose the issue until it has been addressed. The scope of this program is the MinuteBox app and does not include marketing pages or third-party applications. Restrictions apply: we only provide a stipend to the first person to responsibly disclose a bug, bugs publicly disclosed without reasonable response time are not eligible, stipend amounts are at our discretion, testing must not violate any laws, we cannot provide stipends to residents of countries under Canadian or U.S. sanctions and you will be required to sign an acknowledgment form. Additional terms apply—please inquire with our security team.

You can perform your own Cloud Security Audit on MinuteBox. Look for an A grade or above on securityheaders.com and Qualys' ssllabs.com. We encourage you to start with MinuteBox.com to see what the results should look like and compare against other vendors.