Security & Compliance
Built to protect the data venues trust us with.
Venue operational data — staff hours, financial performance, supplier pricing, CCTV analysis — is sensitive. We treat security as a foundational requirement, not a feature.
TLS 1.3 Encryption in Transit
All data transmitted between your systems and Minnie is encrypted using TLS 1.3. No data travels unencrypted.
AES-256 at Rest
All stored data is encrypted using AES-256-GCM. Keys are managed separately from data and rotated on schedule.
UK Data Residency
All venue data is stored on UK-based servers only. Data never leaves UK jurisdiction under any circumstances.
Role-Based Access Control
Access to venue data within Minnie is controlled by role. Staff see only what their role permits. All access is logged.
Audit Logging
Every administrative action on your account — data access, setting changes, report generation — is logged with timestamp and user ID.
GDPR Compliance
Minnie is operated in full compliance with UK GDPR and the Data Protection Act 2018. A Data Processing Agreement is provided at onboarding.
CCTV & Biometric Data Policy
Retention Period
Live CCTV footage processed by Minnie for AI analysis is not stored by Minnie. Frame-level analysis (drinks reconciliation, speed of service, consistency checks) is performed in real time and discarded immediately after processing. Flagged events are retained as timestamped alert logs — no video footage is stored on Minnie's servers. Raw footage storage is the venue operator's responsibility under their own data retention policy.
Facial Recognition
Processed at the point of entry detection only. No biometric templates are retained beyond the active session. Matches generate an alert log (timestamp, camera reference, confidence score) with no associated imagery. Legal basis: legitimate interests under Article 6(1)(f) UK GDPR. A Data Protection Impact Assessment (DPIA) is required before activation.
Venue Operator Responsibilities
Venues are the data controller for all footage captured on their premises. Venues must: display appropriate CCTV and biometric processing signage; register with the ICO if processing biometric data; complete Minnie's DPIA questionnaire before the facial recognition module is activated; maintain their own footage retention and deletion schedule.
Security Roadmap
- Multi-factor authentication (MFA) — in development
- SSO / SAML integration for enterprise groups
- SOC 2 Type II certification — planned
- Penetration testing — scheduled quarterly
Questions about our security posture?
info@minnieplatform.com