Skip to content
Skip to main content
Security Program v2.1.0

Security & Trust

Security isn't a feature; it's our foundation. Explore our comprehensive security program and technical standards.

v2.1.0Last updated: January 13, 2026

Security Update History

v2.1.0Jan 13, 2026
  • Implemented Responsible Disclosure Policy & Bug Bounty Statement
  • Upgraded file deletion logic to DoD 5220.22-M standard
  • Formalized Incident Response process

AES-256 GCM

Military-grade encryption for all file transfers and storage

DoD 5220.22-M Wipe

Files are overwritten before deletion, not just unlinked

Zero-Knowledge

Metadata-only logging. Content never touches long-term storage

Hardened Infrastructure

Hosted on SOC 2 Type II certified edge nodes

TLS 1.3 Mandated

Modern encryption protocols enforced for all traffic

Stateless RAM

Processing happens in ephemeral RAM-only containers

1. Responsible Disclosure Policy

DocMint values the security community. If you believe you've found a security vulnerability, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

What We Ask

  • Provide details of the vulnerability
  • Give us reasonable time to respond
  • Avoid privacy violations or data destruction

Our Promise

  • No legal action for responsible disclosure
  • Acknowledgement in our Hall of Fame
  • Prompt response and triage

2. Incident Response Process

We maintain a rigorous 4-stage incident response process to ensure any security event is handled with professional precision.

01
Identification

24/7 automated monitoring and alerting via edge-guard systems.

02
Containment

Automated isolation of affected processing nodes within seconds.

03
Eradication

Full host wipe and re-provisioning of hardened environments.

04
Recovery

Post-mortem analysis and user notification within 72 hours (if applicable).

3. Bug Bounty Statement

DocMint currently operates a private bug bounty program. We reward researchers who discover critical vulnerabilities that could lead to unauthorized data access.

To be considered for the private program, please submit a high-quality report of a non-critical issue to security@docmint.io.

4. Security Contact

For urgent security matters or to report an incident:

Global Security Operations

security@docmint.io