Bank-level security | GDPR compliant

Your data is secured with industry-standard encryption

As a platform for Danish kindergartens, we handle sensitive information about children and families. That's why we built Minly with security as a top priority from day one.

  • AES-256 encryption
  • High uptime
  • EU data hosting
  • 24/7 monitoring
  • GDPR compliance
  • SSL/TLS 1.3 encrypted
  • 🇪🇺 EU hosting (Germany)
  • ISO 27001 certified datacenter
  • 🇩🇰 Danish company
Data encryption

AES-256 encryption of sensitive data

All sensitive information about children - allergies, illnesses, medication, and other health data - is encrypted with AES-256-CBC. This is the same encryption standard used by banks, healthcare, and military worldwide.

  • Encryption at rest: Data is encrypted when stored in the database
  • Encryption in transit: All communication is via HTTPS with TLS 1.3
  • Encrypted backups: All backups are fully encrypted
encryption.log

# Children's health data is encrypted automatically

encrypt("allergi: jordnødder")

→ aGVqIHNpZGRlciBkZXIgb2cgbMOmc2VyIGRldHRl...

# Only authorized users can decrypt

decrypt(data, auth_key)

→ "allergi: jordnødder"

# Unauthorized access = unreadable data

unauthorized_access(data)

→ ⛔ aGVqIHNpZGRlciBkZXIgb2cgbMOmc2VyIGRldHRl...

256-bit encryption key

Infrastructure

World-class secure infrastructure

Minly runs on professional infrastructure with redundancy, automatic failover, and continuous monitoring.

EU datacenter

All data is hosted in Germany at Hetzner, one of Europe's most secure and reliable data centers. Hetzner is ISO 27001 certified with world-class physical security.

  • ISO 27001 certified datacenter
  • 24/7 physical security
  • 100% green energy

Redundancy and backup

Your data is never at risk. We take automatic backups multiple times daily, and all systems have redundancy to ensure continuity.

  • Daily automatic backups
  • 30 days backup history
  • Automatic failover

High uptime

Minly is available when you need it. Our infrastructure is designed for high availability with continuous monitoring.

  • 24/7 system monitoring
  • Automatic alerts
  • Planned maintenance outside business hours

Administrator: Full access to all features (All permissions)
Staff: Daily operations and child overview (Limited)
Parent: Only own children's information (Own children only)

Institution isolation: Data from each institution is completely separated

Access control

Role-based access control

Not everyone needs access to everything. Minly uses role-based access control (RBAC) to ensure users can only see and do what they need.

  • Principle of least privilege: Users only get access to what they need
  • Parent separation: Parents can only see their own children's information
  • Institution isolation: Data from different institutions is completely separated

Application security

Built with security from day one

Minly is developed with modern security practices and follows industry standards to protect against known vulnerabilities.

OWASP Top 10

Protected against the 10 most critical security risks, including SQL injection and XSS

CSRF protection

All forms are protected against cross-site request forgery attacks

Rate limiting

Protection against brute-force attacks and automated threats

Security headers

CSP, HSTS, X-Frame-Options and other security headers enabled

Password security

  • Bcrypt hashing with salt (passwords are never stored in plain text)
  • Strong password requirements
  • Secure password reset via email

Session security

  • Secure session cookies (HttpOnly, Secure, SameSite)
  • Automatic session timeout on inactivity
  • Session renewal on login

Legislation

GDPR and data protection

As a data processor for Danish childcare institutions, we fully comply with the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act. Health information about children is treated as special categories of personal data (GDPR Article 9) with enhanced security measures.

  • Data processing agreement included: Standard DPA for all institutions
  • Right to erasure and access: We assist with all GDPR requests
  • Fast breach notification: Notification in accordance with GDPR requirements
Data Processing Agreement
Standard DPA template

Includes:

  • Purpose and nature of processing
  • Categories of personal data
  • Technical security measures
  • Sub-processors
  • Terms upon termination

Frequently asked questions about security

Here you'll find answers to the most common security questions

Where is our data stored?
All data is stored securely in the EU - specifically at Hetzner in Germany. Our datacenter is ISO 27001 certified and has the highest standards for physical and digital security. Data never leaves the EU.

How is children's health data protected?
All sensitive health information (allergies, illnesses, medication) is encrypted with AES-256-CBC - the same encryption standard used by banks and healthcare. Even with unauthorized database access, data is unreadable without the encryption key.

Can parents see other children's information?
No, absolutely not. Minly uses strict role-based access control. Parents can only see information about their own children. Additionally, each institution's data is completely isolated, so there is never a risk of seeing data from other institutions.

What happens in case of a security breach?
We have a clear contingency plan: 1) Immediate containment of the breach, 2) Fast notification of affected institutions in accordance with GDPR, 3) Assist with reporting to the Data Protection Agency if required, 4) Thorough post-analysis and improvement of security measures.

Do you back up our data?
Yes, we take automatic backups multiple times daily. All backups are fully encrypted and stored for 30 days. If needed, we can restore data to an earlier point in time. Backups are stored on separate servers within the EU.

Does Minly comply with GDPR?
Yes, Minly fully complies with GDPR. We offer standard data processing agreements to all institutions, assist with access and deletion requests, and comply with all security and documentation requirements. Read more about our GDPR compliance.

This page provides an overview of our security measures. Detailed security specifications and obligations are set out in the data processing agreement and our terms of service. Minly uses sub-processors including Hetzner (hosting) and Postmark (email), all with EU-based data processing.

Security is our foundation

Do you have questions about our security?

We are always ready to answer questions about security, data protection, and compliance. Contact us for a non-binding conversation.