Security
How BuildMind protects your data and blueprints.
Encryption
✓ TLS 1.2+ encryption for all data in transit via Let's Encrypt certificates (auto-renewing)
✓ HSTS (HTTP Strict Transport Security) enforced — browsers cannot downgrade to HTTP
✓ Security headers: X-Frame-Options, X-Content-Type-Options, Referrer-Policy active
Authentication
✓ Passwords stored as bcrypt hashes (legacy SHA-256 being phased out — dual-mode verification active)
✓ Session tokens are 256-bit cryptographically random values
✓ Session expiry: 8 hours
✓ fail2ban active on login endpoint — 5 failed attempts triggers a 1-hour lockout
✓ Admin access is strictly separated from customer access at the session layer
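The dual-mode item above describes a common migration pattern: verify whichever hash a record currently holds, and when a legacy hash verifies, rehash the password with the current scheme on the spot, since login is the only moment the plaintext is available. The following is an added illustration of that pattern, not BuildMind's code; it uses the standard-library `hashlib.scrypt` as a stand-in for bcrypt so it runs without third-party packages (the upgrade logic is the same either way), and the record layout, usernames and passwords are constructed for the example. It also shows a 256-bit session token drawn from the OS CSPRNG, matching the session-token item.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Assumed record layout (constructed for this example, not BuildMind's schema):
#   legacy:  {"scheme": "sha256", "hash": "<hex sha256 of password>"}
#   current: {"scheme": "scrypt", "salt": "<hex>", "hash": "<hex>"}
LEGACY_SCHEME = "sha256"
CURRENT_SCHEME = "scrypt"
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def legacy_hash(password: str) -> str:
    """Unsalted SHA-256 digest: the legacy scheme being phased out."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def current_hash(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted, memory-hard hash. scrypt stands in for bcrypt here; the migration logic is identical."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return {"scheme": CURRENT_SCHEME, "salt": salt.hex(), "hash": digest.hex()}


def make_store() -> dict:
    """Constructed sample user store: one already-migrated account, one legacy account."""
    return {
        "alice": current_hash("correct horse battery staple"),
        "bob": {"scheme": LEGACY_SCHEME, "hash": legacy_hash("hunter2")},
    }


def verify_and_upgrade(store: dict, username: str, password: str) -> bool:
    """Verify a password under whichever scheme the record uses.

    A successful legacy verification rehashes the password with the current
    scheme in place, so each active account migrates on its next login and the
    legacy scheme can be retired once no record still references it.
    """
    record = store.get(username)
    if record is None:
        # Burn the same cost as a real check so response time does not reveal whether the username exists.
        current_hash(password)
        return False

    if record["scheme"] == CURRENT_SCHEME:
        expected = bytes.fromhex(record["hash"])
        actual = hashlib.scrypt(
            password.encode("utf-8"), salt=bytes.fromhex(record["salt"]), **SCRYPT_PARAMS
        )
        return hmac.compare_digest(actual, expected)

    if record["scheme"] == LEGACY_SCHEME:
        if not hmac.compare_digest(legacy_hash(password), record["hash"]):
            return False
        # The plaintext is in hand only at login, so this is the moment to rehash.
        store[username] = current_hash(password)
        return True

    # Unknown scheme: fail closed rather than guess.
    return False


def legacy_accounts_remaining(store: dict) -> int:
    """Migration progress metric: records still on the legacy scheme."""
    return sum(1 for r in store.values() if r["scheme"] == LEGACY_SCHEME)


def new_session_token() -> str:
    """256-bit session token from the OS CSPRNG, hex encoded (64 characters)."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    store = make_store()
    print("before:", legacy_accounts_remaining(store), "legacy account(s)")
    print("bob, wrong password:", verify_and_upgrade(store, "bob", "wrong"))
    print("bob, right password:", verify_and_upgrade(store, "bob", "hunter2"))
    print("after:", legacy_accounts_remaining(store), "legacy account(s)")
    print("session token:", new_session_token())
```

The `legacy_accounts_remaining` count is the number worth tracking during a phase-out: once it reaches zero, the SHA-256 branch (and with it any reliance on an unsalted, fast hash) can be deleted; accounts that never log in again can be force-reset rather than left on the legacy scheme indefinitely.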
Data Isolation
✓ All customer data is namespaced by company — no cross-company data access is architecturally possible
✓ Authorization checks on every API endpoint that returns or modifies data
✓ Sensitive admin endpoints (billing data, error logs, system info) require admin-level sessions
Infrastructure
✓ VPS hosted on Hostinger KVM infrastructure (Lithuania data center)
✓ Daily automated backups with 7-day retention
✓ Watchdog monitoring with automatic proxy restart on failure (3-second recovery)
✓ Firewall (UFW) — only ports 22, 80, 443 exposed externally
✓ SSH access via key-based authentication only — password authentication disabled
✓ Root login disabled
AI Provider
✓ All AI processing via Anthropic's API over encrypted TLS connections
✓ We do not use your blueprints to train AI models
✓ Anthropic does not retain API inputs/outputs beyond 30 days under their default commercial terms
Vulnerability Reporting
If you discover a security vulnerability in BuildMind, please report it responsibly:
Roadmap
The following items are on our security roadmap. They are not currently in place.
- SOC 2 Type I audit
- Two-factor authentication for admin accounts
- Customer-managed data export and deletion
- UptimeRobot public uptime dashboard