Trust Report
At MapMyCompany, we understand that your business processes are confidential and critical. This report outlines our commitment to protecting your data with enterprise-grade security.
Four Pillars of Protection
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your process maps and documentation are protected at every stage.
Secure Infrastructure
Hosted on enterprise-grade cloud infrastructure with a 99.9% uptime SLA. Regular security audits and automated vulnerability scanning.
Privacy by Design
Zero-knowledge architecture means we cannot access your unencrypted data. Your business processes remain confidential to your organization.
Data Sovereignty
Choose where your data is stored with regional data centers. Full data portability and right to deletion at any time.
Certifications
We maintain the highest standards of compliance to protect your data and meet regulatory requirements.
SOC 2 Type II
Annual independent audit of security, availability, processing integrity, confidentiality, and privacy controls.
ISO 27001
International standard for information security management systems, ensuring a systematic approach to managing sensitive data.
GDPR
Full compliance with European data protection regulations including data subject rights and privacy by design principles.
CCPA
California Consumer Privacy Act compliance ensuring transparency and control over personal information.
How We Handle Your Data
Data Collection
We only collect data necessary for providing our service. Process maps, chat history, and user account information are stored securely. We never sell or share your data with third parties.
Data Storage
All data is encrypted at rest using AES-256 encryption. Database backups are performed daily and stored in geographically distributed locations with the same encryption standards.
Data Access
Access to production data is strictly controlled and logged. Only authorized personnel with a legitimate business need can access systems, and all access is monitored and audited.
Data Deletion
You can request deletion of your data at any time. Upon account deletion, all associated data is permanently removed from our systems within 30 days, including backups.
Security Measures
Penetration Testing
Regular third-party security assessments
Vulnerability Scanning
Automated daily scans of all systems
DDoS Protection
Enterprise-grade traffic filtering
Access Controls
Multi-factor authentication required
Audit Logging
Comprehensive activity tracking
Incident Response
24/7 security monitoring and response
Secure Development
Security review in CI/CD pipeline
Data Backup
Automated encrypted backups
Network Security
Firewalls and intrusion detection
Questions About Security?
Our security team is here to address any concerns you may have about data protection.