At Myncel, we understand that your manufacturing data is sensitive and critical to your operations. We've built our platform with enterprise-grade security at every layer, from infrastructure to application. This page outlines our security practices and commitments.

Infrastructure Security

Cloud Hosting

Myncel is hosted on Amazon Web Services (AWS) and Vercel, both of which maintain industry-leading security certifications including:

SOC 2 Type II
ISO 27001
ISO 27017 (Cloud Security)
ISO 27018 (Cloud Privacy)
CSA STAR

Data Centers

Our infrastructure is distributed across multiple data centers with redundant power, networking, and connectivity. Data centers feature 24/7/365 security, biometric access, video surveillance, and environmental controls.

Data Encryption

Encryption in Transit

All data transmitted between your devices and our servers is encrypted using TLS 1.3 with strong cipher suites. We enforce HTTPS for all connections and use HSTS to prevent downgrade attacks.

Encryption at Rest

All data stored in our databases and file storage systems is encrypted using AES-256 encryption. Encryption keys are managed through AWS Key Management Service (KMS) with automatic key rotation.

Access Control

Authentication

We implement secure authentication practices including:

Password hashing using bcrypt with strong work factors
Multi-factor authentication (MFA) available for all accounts
Single Sign-On (SSO) support for Enterprise plans
Session management with secure, random tokens
Automatic session timeout after inactivity

Role-Based Access Control (RBAC)

Every Myncel organization can assign roles (Admin, Manager, Technician, Viewer) to control who can access, edit, or delete data. This ensures least-privilege access across your team.

Application Security

Secure Development

Secure coding practices following OWASP guidelines
Code reviews required for all changes
Automated security scanning in CI/CD pipeline
Dependency vulnerability monitoring
Regular penetration testing by third-party security firms

Bot Protection

All public forms are protected by Google reCAPTCHA v3, which uses advanced risk analysis to distinguish humans from bots without requiring user interaction.

Data Backup and Recovery

We maintain robust backup and recovery procedures:

Automated daily backups with point-in-time recovery
Backups encrypted and stored in geographically separate regions
Regular backup restoration testing
Recovery Time Objective (RTO): 4 hours
Recovery Point Objective (RPO): 1 hour

Monitoring and Incident Response

Our security operations include:

24/7 system monitoring and alerting
Real-time log aggregation and analysis
Web Application Firewall (WAF) protection
DDoS mitigation
Documented incident response procedures
Security incident notification within 72 hours

Compliance

Myncel aligns with industry standards and regulations:

NIST Cybersecurity Framework

We follow NIST guidelines for manufacturing cybersecurity.

GDPR

We support GDPR compliance for EU customers.

CCPA

We comply with California Consumer Privacy Act requirements.

SOC 2

Working toward SOC 2 Type II certification.

Data Retention and Deletion

We retain your data only as long as necessary:

Active accounts: Data retained for the duration of your subscription
Cancelled accounts: Data deleted within 90 days of termination
Backups: Deleted within 30 days of account termination
Request immediate deletion by contacting support

Responsible Disclosure

We appreciate security researchers who help keep Myncel secure. If you discover a vulnerability, please report it responsibly:

Report Security Issues To:

Email: support@myncel.com

Please include detailed steps to reproduce the issue. We will respond within 48 hours and keep you informed of our progress.

We ask that you do not publicly disclose vulnerabilities until we've had a reasonable time to address them.

Security Contact

For security-related questions or concerns:

General Security Questions:

Email: contact@myncel.com

Security Vulnerabilities: