SOC 2 Type II

Maya OS undergoes an annual SOC 2 Type II examination performed by an independent, accredited auditing firm. The report evaluates the design and operating effectiveness of our controls over a defined review period, typically twelve months.

Our examination covers the Security, Availability, and Confidentiality trust services criteria. These assess how we protect systems against unauthorized access, keep the service available for operation, and safeguard information designated as confidential.

Controls include role-based access with least privilege, mandatory single sign-on for internal systems, encryption of data in transit and at rest, centralized logging, vulnerability management, and a formal change-management process for all production deployments.

We operate across multiple availability zones with automated failover, continuous monitoring, and regularly tested backup and disaster-recovery procedures. Our public status page reflects real-time and historical availability for every component.

Customer data is logically segregated by workspace, access is restricted on a need-to-know basis, and confidential information is handled, retained, and disposed of according to documented policies reviewed at least annually.

Beyond the annual audit, we run continuous control monitoring, automated security scanning, and periodic third-party penetration testing. Findings are tracked to remediation through a formal risk-management process.

The full SOC 2 Type II report is available to current and prospective customers under a non-disclosure agreement. Contact security@maya-os.com or your account team to request a copy and the latest bridge letter.