Mynt has been a registered Swedish e-money institution since 2021 and is supervised by the Swedish Financial Supervisory Authority (Finansinspektionen). This means that we comply with comprehensive banking regulations as set forth by law and by the European Banking Authority (EBA) and Finansinspektionen. It also means that we are obliged to maintain confidentiality regarding our customers and their relationships with us.

Mynt is ISO 27001:2022 certified, demonstrating our commitment to the highest standards of information security. This globally recognized certification ensures that we have a robust management system in place to protect data and systems, manage cybersecurity risks, and implement industry best practices.

Mynt is GDPR compliant, ensuring high standards of data protection, privacy, and security. We implement strict controls to safeguard personal data, provide transparency in data processing, and uphold individuals' rights under the General Data Protection Regulation (GDPR).

As a licensed e-money institution, Mynt is obliged to protect customers' money. Mynt does this by keeping customers’ money in a segregated client funds account. By doing so, client funds are covered by the government deposit guarantee through the Swedish National Debt Office, up to 1 050 000 SEK per customer account (about 95 000 EUR)

The Mynt platform implements strong customer authentication (SCA) to ensure secure and seamless access for our users while meeting PSD2 requirements. Strong authentication protects customer accounts against unauthorized access. By leveraging strong authentication technologies tailored to different regions, we enhance account security while maintaining a frictionless user experience.

Mynt platform is hosted on Amazon Web Services (AWS) cloud environment, with both storage and compute. Europe-west 1 (Ireland) is the primary infrastructure location. Infrastructure is configured using cloud formation and infrastructure as code. This enables rapid restore times should the network setup need to be restored.

Mynt’s platform is hosted on Amazon Web Services (AWS) cloud environment, leveraging both storage and compute services. Ireland (eu-west-1) is the primary infrastructure location. Mynt’s infrastructure is managed as code (IaC) in order to provide consistent deployments, configuration and updates. This also ensures quick restore time if needed.

Mynt uses Upwind intrusion detection and prevention system to protect the cloud hosting and network infrastructure environment. Upwind continuously monitors network traffic and system activities, identifying and mitigating potential threats in real time. By using advanced anomaly detection and automated response mechanisms, Mynt proactively defends against unauthorized access, malware, and other security risks.

At Mynt, all new employees undergo rigorous background checks as part of the hiring process to verify identity and employment credentials. Additionally, we implement ongoing monitoring throughout employment, conducting periodic security assessments to maintain a secure and trusted workforce.

Internal accesses are provided on a least privileged basis, and resources configured on the principle of zero trust. Access controls are reviewed at regular intervals to ensure compliance with Mynt’s access management policies.

We classify data based on sensitivity and criticality, ensuring appropriate handling and access controls for each data type. Sensitive data is isolated in secure environments, and strict separation protocols are enforced to limit exposure. Data retention is managed according to legal and regulatory requirements, with deletion or anonymization processes in place for data that is no longer required. These measures minimize risk, optimize data security, and ensure the responsible management of information throughout its lifecycle.

At Mynt, we follow industry best practices in Business Continuity and Disaster Recovery (BCDR) to ensure the resilience and security of our platform. Our robust strategy includes continuous data backups, redundancy in backups, and incident response plans to minimize disruptions and maintain service availability.

Through proactive risk assessments, monitoring systems that provide alerts, and regular reviews and testing, we ensure that our systems can quickly recover from unexpected events, keeping our customers’ data secure and our services reliable.  We invest in ongoing staff training to ensure our team is prepared to respond as incidents arise, maintaining seamless operations and protecting our customers' data.

As a regulated e-money institution (EMI), Mynt has a requirement to have knowledge about our customers and their businesses. This means we carry out a Know Your Customer (KYC) process before we do business with any customer, and renew this at regular intervals. We ask our customers to complete a KYC questionnaire, and we may require customers to submit additional data and documentation. Our identity verification processes and adaptive risk assessments ensure compliance with global regulations while minimizing friction for legitimate businesses.