Enterprise security

Enterprise plans include the security and compliance tooling expected at organisations with formal IT, legal, or compliance review. This page summarises what's included.

Single sign-on (SAML)

Enterprise customers can connect their identity provider (Okta, Microsoft Entra ID, Google Workspace, OneLogin, JumpCloud, or any other SAML 2.0-compliant IdP) for single sign-on. Once configured:

  • Members sign in with their corporate credentials — no separate MindWeaveBoard password.
  • Sign-out from the IdP terminates the MindWeaveBoard session.
  • New members can be auto-provisioned on first sign-in (JIT provisioning) or via SCIM (below).

Setup happens during onboarding with your account contact. We provide the IdP-side metadata and walk through the configuration on a screen-share.

SCIM provisioning

For organisations that prefer central directory management, MindWeaveBoard supports SCIM 2.0 for automated provisioning and deprovisioning:

  • Users created in your IdP are created in MindWeaveBoard.
  • Group memberships in the IdP map to MindWeaveBoard organisation roles.
  • Deactivating a user in the IdP immediately revokes their MindWeaveBoard access.

SCIM works alongside SAML SSO; you don't need both, but they're a natural pair.

Audit logs

Enterprise plans get expanded audit-log retention and export:

  • Retention — 7 years (vs 1 year on Starter/Advanced).
  • Granularity — every member action, role change, billing event, invitation, and admin policy change.
  • Filtering — by actor, action type, target, and time range from the Activity panel.
  • Export — JSON or CSV from Org Admin → Activity → Export. Useful for compliance reviews and SOC 2 / ISO 27001 evidence collection.

You can also stream audit events to your SIEM via webhook (negotiated as part of your contract).

Custom retention

The defaults for board history and audit logs can be extended on Enterprise. Common asks we can accommodate:

  • Board history kept for the lifetime of the organisation.
  • Audit logs streamed to an external archive immediately after creation.
  • Soft-delete grace window extended beyond 30 days.

Data residency

MindWeaveBoard data lives in the European Union (Germany) by default. Enterprise customers with stricter residency requirements can negotiate alternative regions during contract setup — primarily for customers based in markets with formal in-country data requirements.

White-labelling

Replace the MindWeaveBoard logo, accent colour, and product name in-app for your organisation. Custom domains (e.g., boards.your-company.com) are negotiated separately as part of the Enterprise contract.

Dedicated support

Enterprise customers get:

  • 4-hour first-response SLA with extended business-hour coverage (or 24/7 by contract).
  • 24-hour resolution SLA on standard issues.
  • A dedicated account contact who knows your environment.
  • Quarterly account reviews covering usage, roadmap, and any open security topics.

See SLA by plan for the full target matrix.

Security review documentation

For procurement teams, we provide:

  • Penetration test summary (annual, third-party).
  • Architecture overview suitable for review under NDA.
  • Subprocessor list, kept current.
  • DPA (Data Processing Agreement) template — see GDPR compliance.
  • SOC 2 Type II report — in progress, available to Enterprise customers under NDA.

Compliance certifications

  • GDPR — full compliance for EU-resident data and EU customers. See GDPR compliance.
  • ISO 27001 — our infrastructure provider is certified. We're working on our own certification.
  • SOC 2 — Type II audit in progress.
