Security Policy

Last updated: February 3, 2026


Overview

MineralCache, LLC (“MineralCache,” “we,” “us”) is committed to protecting the confidentiality, integrity, and availability of data entrusted to us. This Security Policy describes our security controls and the shared responsibilities between MineralCache and users of our Services.

Scope

This policy applies to the MineralCache marketplace and supporting systems that Process personal data and transactional information for vendors and buyers. It does not cover third-party sites linked from our Services.

Security program

  • Documented information security program aligned to industry best practices.
  • Risk assessments and control reviews on a periodic basis.
  • Security training and confidentiality obligations for personnel with data access.

Encryption

  • Transport: TLS is used for data in transit between browsers, our edge, and APIs.
  • Storage: Sensitive data is encrypted at rest where supported by our infrastructure and data stores.
  • Keys: Access to encryption keys is restricted to authorized personnel on a need-to-know basis.

Access control & authentication

  • Role-based access control with least-privilege principles for internal tools and production systems.
  • Multi-factor authentication for privileged accounts where supported.
  • Session management and automatic session invalidation on logout or credential resets.

Application security

  • Secure development lifecycle including code review and dependency vulnerability scanning.
  • Secrets management for API keys and credentials; no hard-coding in source control.
  • Input validation, output encoding, and protections against common web risks.
  • Change management with peer review and staged deployments.

Infrastructure & network security

  • Hosting with reputable cloud providers offering physical security and redundancy.
  • Network segmentation, firewalls/security groups, and least-exposed services.
  • System hardening, patching, and baseline configuration standards.
  • Backups of critical data with periodic restore testing.

Payments

  • Payments are processed by third-party providers (e.g., Stripe). MineralCache does not store raw payment card numbers or CVVs.
  • We receive payment status and tokens from the provider for order reconciliation.

Monitoring & logging

  • Centralized logging and alerting for security-relevant events.
  • Anomaly detection and rate limiting to mitigate abuse and automated attacks.

Vulnerability management

  • Regular scanning for known vulnerabilities in application dependencies and images.
  • Risk-based remediation targets; expeditious patching for high-severity issues.

Incident response

  • Documented incident response procedures covering detection, containment, eradication, and recovery.
  • Post-incident review to identify root causes and preventive actions.
  • When legally required or appropriate, notification to affected users and/or authorities.

Business continuity & disaster recovery

  • Backups, multi-AZ/region capabilities where applicable, and recovery runbooks.
  • Capacity planning and load testing for critical components.

Data retention & deletion

Personal data is retained only as long as necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Upon account closure or as otherwise required, data is deleted or anonymized within a commercially reasonable period, subject to lawful retention needs.

Third-party service providers

We may engage vetted sub-processors to support the Services (e.g., hosting, payments, communications). Each is bound by written agreements requiring appropriate data protection and security controls. See our Data Processing Addendum for more details.

Your responsibilities

  • Protect your account credentials; use strong, unique passwords and enable MFA where available.
  • Keep contact and shipping information accurate and up to date.
  • Review vendor listings carefully and report suspicious activity.
  • Comply with applicable laws, our Terms of Service, and this policy.

Responsible vulnerability disclosure

We welcome reports from the security community. If you believe you’ve found a vulnerability, email security@mineralcache.com with details sufficient for reproduction.

  • Do not access, modify, or exfiltrate data that does not belong to you.
  • Avoid privacy violations, service disruption, or degradation of our systems.
  • Give us a reasonable time to investigate and remediate before public disclosure.
  • Unauthorized automated scanning, DDoS, and social engineering are out of scope.

Changes to this policy

We may update this policy from time to time. Material changes will be indicated by updating the “Last updated” date above. Continued use of the Services after changes become effective constitutes acceptance.

Contact

MineralCache, LLC · P.O. Box 5, Llano, TX 78643, USA · security@mineralcache.com · info@mineralcache.com