Security
Trust, engineered.
Security is not a feature we added — it is the foundation Maya OS is built on. From encryption to independent audits, here is how we protect your data.
Our practices
Defense in depth.
Encryption everywhere
Data is encrypted at rest with AES-256 and in transit with TLS 1.3. Keys are managed and rotated by a dedicated KMS.
SOC 2 Type II
Independently audited against the Trust Services Criteria, with a current attestation report available under NDA.
GDPR & data residency
Choose US or EU data residency. We act as a processor under a comprehensive DPA with standard contractual clauses.
SSO & SAML
Enforce single sign-on with your identity provider, plus SCIM provisioning and granular role-based access control.
Audit logging
Every action is recorded in tamper-evident, exportable logs so you always know who did what, and when.
Penetration testing
Third-party pen tests run at least annually, with continuous automated scanning and a public disclosure program.
Certifications & frameworks
Transparency
Our subprocessors.
The third parties we rely on to deliver the service, and what each one does.
| Provider | Purpose | Region |
|---|---|---|
| Amazon Web Services | Cloud infrastructure & hosting | US / EU |
| Cloudflare | CDN, DNS & DDoS protection | Global |
| Stripe | Payment processing | US |
| Twilio | SMS & voice delivery | US / EU |
| SendGrid | Transactional email | US |
| Datadog | Observability & monitoring | US / EU |
Report a vulnerability
Found a security issue? We appreciate responsible disclosure and respond to every report. Reach our security team directly and we will acknowledge within one business day.
Built for teams that can't compromise.
Talk to us about enterprise security, custom DPAs, and data residency.