Mind Chill
    Good Proof™ by Mind Chill®

    Contract-referenceable verification for high-impact AI actions. Scope-bound, expiry-aware, and human-final when it matters.

    Sales: [email protected] | Security: [email protected] | Support: [email protected]

    UK

    Mind Chill Nootropics Ltd

    09667911

    Singapore

    Mindchill Research Pte. Ltd.

    202544340Z

    A division of

    Mind Chill — Department of Human Defense

    Not a certification. Scope-limited verification. Acceptance depends on counterparty/programme requirements.

    © 2026 Good Proof by Mind Chill. All rights reserved.

    Security Policy

    Good Proof takes security seriously. This page outlines our security practices, controls, and responsible disclosure programme.

    Infrastructure Security

    Good Proof is hosted on Vercel with Supabase for data storage. All connections to our infrastructure are encrypted with TLS 1.3. We use Cloudflare for DDoS protection and Web Application Firewall (WAF) capabilities. Database access is restricted via Row Level Security (RLS) policies.

    Data Encryption

    All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256 encryption provided by our infrastructure providers. Sensitive fields including IP addresses are hashed before storage using one-way cryptographic functions.

    Access Controls

    Administrative access is restricted to authorised personnel only. API endpoints are protected by rate limiting (via Upstash Redis), anti-junk validation, and Cloudflare Turnstile CAPTCHA verification. Service-level access uses scoped API keys with least-privilege principles.

    Incident Response

    We maintain an incident response plan covering detection, containment, eradication, and recovery. Security incidents are documented and reviewed. Affected parties are notified in accordance with applicable data protection regulations.

    Vulnerability Management

    We regularly review and update our dependencies for known vulnerabilities. Our Content Security Policy (CSP) is configured to prevent XSS and injection attacks. All user input is validated and sanitised before processing.

    Compliance

    Good Proof is designed with privacy and security by default. We are working towards SOC 2 Type II certification. Our practices align with GDPR and PDPA requirements. Security headers including HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy are enforced on all pages.

    Responsible Disclosure

    If you discover a security vulnerability in Good Proof, we encourage responsible disclosure. Please report it to our security team at [email protected]. We will acknowledge receipt within 48 hours and work with you to understand and address the issue.

    Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to address them. We appreciate the security research community and will credit reporters who follow responsible disclosure practices.

    Contact

    For security questions or to report a concern, contact [email protected]. For general enquiries, visit our Contact page. See also our Trust Model.