Security at Mino
Your documents contain the most sensitive information your clients will ever share. We built Mino knowing that a single breach could end careers. Here’s exactly how we keep that from happening.
The Short Version
Microsoft Azure EU deployment
Your data lives on isolated European servers, processed by OpenAI models deployed through Azure—completely separate from public ChatGPT.
No training, ever
Your documents and timelines are never used to train AI models. This isn’t negotiable. It’s contractually guaranteed by our Azure deployment.
You control access
Row-level security means every database query requires authentication. Share timelines with view-only links that expire when you choose. Add two-factor authentication for extra protection.
On-premise option available
Need air-gapped systems? We can deploy Mino on your infrastructure. Talk to us about enterprise requirements.
How It Actually Works
Where Your Data Lives
When you upload a document to Thea:
- Files are processed in Azure’s EU data centers — We use a dedicated Azure tenant: think of it as a private, locked room within Microsoft’s infrastructure. Your files never touch public OpenAI servers.
- AI processing stays isolated — We run OpenAI models (GPT-4, embeddings) through Azure’s OpenAI Service. It’s the same setup used by Harvey, major law firms, and Fortune 500 legal departments.
- Database security — Extracted data (dates, parties, events) is stored in a PostgreSQL database with row-level security. Every read/write checks whether the current user may see that exact row.
What “No Training” Really Means
Consumer ChatGPT: Your inputs can improve the model (unless you’re on Team/Enterprise with data protections).
Mino: Azure OpenAI Service includes contractual guarantees that customer data is never used for training. Your case files stay yours. See Microsoft’s documentation.
Authentication and Access Control
Default security:
- Session-based authentication (you’re logged out when inactive)
- Row-level database security on every query
- Encrypted data in transit and at rest
Optional extras:
- Two-factor authentication (SMS or authenticator app)
- Password-protected shareable links with expiration dates
- Custom session timeout rules
The Technical Stack
For your IT team or compliance review:
| Component | Technology | Location | Purpose |
|---|---|---|---|
| AI Models | Azure OpenAI Service (GPT-4, text-embedding-ada-002) | EU West (Amsterdam/Dublin) | Document processing, timeline generation |
| Database | PostgreSQL (via Supabase) | EU | Structured data storage with RLS |
| Hosting | Azure App Service | EU West | Application infrastructure |
| File Storage | Azure Blob Storage | EU | Encrypted document storage |
Security features:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Row-level security (RLS) on all database operations
- OAuth 2.0 authentication
- Optional 2FA (TOTP/SMS)
- Automatic session expiration
- Audit logs (enterprise tier)
Compliance and Certifications
Current status:
- GDPR compliant (EU data processing)
- Microsoft Azure SOC 2 Type II certified infrastructure
- Standard DPA available upon request
Roadmap:
- ISO 27001 certification (Q3 2025)
- SOC 2 Type II audit (Q4 2025)
- Custom BAAs for healthcare/highly regulated firms
On-premise is always an option. Some firms can’t use cloud tools. We built Mino so it can run entirely on your infrastructure. Talk to us about air-gapped deployments.
Common Questions
Is this the same as using ChatGPT Pro?
No. ChatGPT Pro has data protections, but it’s still a consumer product. We use Azure OpenAI Service—the enterprise version designed for regulated industries. Different infrastructure, different guarantees.
Can you see our documents?
Only if you explicitly grant us access for support purposes (and we’ll ask first). Row-level security means our team can’t query your data without permission.
What happens if Mino shuts down?
You can export all your data (timelines, documents, metadata). No lock-in.
Do you sell data to third parties?
No. We’re not an ad business. We make money from subscriptions. Your data has zero value to us beyond making Thea work for you.
For Procurement Teams
Need specific documentation? We have:
- Data Processing Agreement (DPA)
- Subprocessor list
- Pen test results (enterprise tier)
- Architecture diagrams
- Azure compliance inheritance documentation
Email security@mino.legal with your requirements.
Still Have Questions?
- Technical questions: security@mino.legal
- Enterprise deployments: sjors@mino.legal
- General inquiries: hello@mino.legal
We answer within 24 hours. Usually faster.