Trust Center
Security & Transparency
We hold ourselves to the same standard of transparency we ask our clients to demand from their vendors.
Mindlapse is an AI-native Cyber-GRC platform for large enterprises. We connect cybersecurity governance to real operational data, moving organizations from declarative compliance to verified, evidence-based governance.
We co-build the platform with a collective of 25 CISOs from major French enterprises (Cyber Collective Lab). The transparency we help them demand from their vendors, we practice ourselves.
Mindlapse holds the Bpifrance Deeptech qualification and Innovative Company (JEI) status. It was founded by Hervé Rousseau (CEO), Christophe Longuepez (CTO) and Julien Beuvelet (COO).
Security posture
Updated March 21, 2026
Detection & resilience
- Formal incident management and notification processes
- Documented business continuity and disaster recovery plan (BCP/DRP)
- Continuous security event monitoring
- Escalation protocol for critical severity incidents
Exposure & remediation
- Continuous monitoring of CVEs and security advisories
- Critical patches applied within 24 hours
- Annual independent security audit
- Latest pentest: March 2026, available on request
Identities & access rights
- MFA mandatory on all critical systems
- Least privilege enforced at all times
- Individual named accounts, no shared credentials
- Access rights reviewed every six months
- Centralized identity management (IAM) in production
Perimeter & segmentation
- Network segmentation and active filtering on exposed environments
- Operational DDoS mitigation
- TLS 1.2+ encrypted traffic and VPN-secured remote access
- Security logs retained for at least 90 days
Endpoints & mobility
- Full-disk encryption on all workstations
- Centrally managed and inventoried device fleet
- DNS protection and anti-phishing deployed
- Critical system patches applied within 72 hours
Code & data
- Data encrypted in transit (TLS) and at rest (AES-256)
- Secure development lifecycle with systematic code review
- Automated vulnerability scanning on every deployment
- Strict separation of dev, staging and production environments
Operational continuity
- Multi-region backups with regular restoration tests
- Change management tracked through CI/CD pipeline
- Documented and up-to-date operational procedures
Governance & awareness
- Information Security Policy (ISSP) maintained and shared
- Acceptable use policy signed by every employee
- Security awareness training mandatory from day one
- Cyber risk mapping reviewed annually
Certifications
Updated March 21, 2026
ISO 27001:2022
Information security management system
In progress, target end 2026
SOC 2 Type II
Security, availability and confidentiality (AICPA)
Planned, target 2027
Bpifrance Deeptech & JEI
Deeptech qualification and Innovative Company status
GDPR
Updated March 21, 2026
Our practices
- Notification to supervisory authority within 72h of a breach
- Data subject rights exercisable (access, rectification, erasure, portability)
- Consent collected, tracked and revocable at any time
- Records of processing maintained and available on request
- GDPR contractual obligations enforced across all subprocessors
Resources
Subprocessors & technology partners
Updated March 21, 2026
FAQ