Trust Center
We are committed to providing the industry's best security and privacy in all aspects of our products and services.
Macrometa has obtained a SOC 2 Type 2 certification for the Trust Criteria of Security and Availability. The SOC 2 report is available under NDA for Macrometa customers by request at sales@macrometa.com.
TECHNICAL SECURITY CONTROLS
Macrometa has implemented technical security controls across all aspects of its products and services
Secure Software Development
- All engineers are provided with secure development.
- Security reviews are part of the standard code review process.
- Security engineers mentor and advise the engineering team for continual improvement.
Automated Static Code Analysis
- Of source code using integration with best-in-class third-party tools.
- This process identifies security issues in Macrometa code.
- Findings are triaged and prioritized with JIRA tickets are created for engineers.
Automated and Manual Vulnerability Scans
- Of production and development environments using best-in-class third-party tools.
- This process identifies vulnerabilities in the environment and technology stack.
- Findings are triaged and prioritized and JIRA tickets are created for engineers.
- QA tests are created to confirm remediation in Test and Production environments.
Penetration Testing
- Macrometa has a dedicated white hacker on staff performing continuous penetration testing.
- Third-party penetration testing is performed annually.
Change Management
- Change management processes are clearly defined and followed to guarantee that any changes to production are properly documented, approved and reviewed.
- Status page updates and customer notices are posted.
- No unauthorized changes are made to production or customer environments.
Scheduled Maintenance & Critical Patching
- Systems are scheduled for regular maintenance, software updates, and patching.
- Controlled processes exist for critical and emergency patching when required.
- Customers are notified of scheduled and emergency maintenance via agreed channels.
Encryption
- All customer data is encrypted at rest.
- All customer data is encrypted in transit using TLS 1.2 or greater.
- No customer production data is copied or used in troubleshooting or test environments unless it is at the request of the customer.
Antivirus Software
- All production systems are required to run AV software.
VPN, Firewalls IDS and IPS
- Macrometa requires VPN to access production environments.
- Macrometa cloud environments are protected by firewalls following vendor-recommended configurations.
- Macrometa uses intelligent scanning and monitoring tools for intrusion detection and prevention.
Password Policy and MFA
- Macrometa’s password policy requires strong passwords that follow NIST 800-63b recommendations.
- VPN and SSO require multi-factor authentication (MFA).
- Customer approval workflows for access to production systems available.
ORGANIZATIONAL SECURITY CONTROLS
Macrometa has implemented organizational security controls across all aspects of its products and services. Organizational Controls include:
Background Checks
- International criminal and educational verification.
New Hire Onboarding Checks
- Employment Agreement.
- Employee Handbook.
- Confidentiality Agreement.
- Acceptable Use Policy.
- Annual Security Awareness Training.
Least Privilege
- Access policy follows least-privilege controls.
- Access is only granted to required roles and approved by managers.
Data Classification
- Macrometa classifies information based on confidentiality to control access and sharing.
Vendor Management
- Macrometa’s reviews potential vendors for security practices that will meet or exceed its internal and customer requirements.
- A risk assessment is performed as part of vendor reviews.
- Vendors that may act as subprocessors are required to have a Data Protection Agreement that will meet GDPR, CCPA and global privacy regulations.
Data Backups and Retention
- Macrometa’s infrastructure is architectured for high availability, using redundancy and backups to meet internal and external data retention requirements.
- Backups are daily, weekly and monthly based on requirements.
- Backups are tested regularly for correctness.
Incident Response
- Macrometa’s standard for incident response notifications is 48 hours.
- Macrometa’s incident response plans covers escalation processes, communication plans and customer notices.
DATA PRIVACY
Macrometa’s Data Privacy Policy follows global standards of privacy and applies them for customers based on country or region. Macrometa complies with GDPR, CCPA and applicable privacy legislation.
Legal basis and legitimate interest
- Macrometa will only process personal data on a legal basis of legitimate interest.
- Macrometa will never access, use or process personal data uploaded by customers to Macrometa’s services.
Data Anonymization
- Macrometa may anonymize personal data from analytic data collected by its systems and services with the strict intent to:
- Improve its products and services.
- Provide monitoring of the health and availability of its service to meet customer SLAs.
- To bill its customers for services consumed.
- To provide recommendations to customers to improve their experience.
- To provide customer support.
Data Subject Access Requests
- Macrometa will comply with all applicable laws and regulations regardless of country or region.
- Data Deletion and Data Access requests are promptly responded to at privacy@macrometa.com.
Macrometa customers may request a Data Protection Agreement and Standard Contractual Clauses.
We help make the impossible, profitable
Contact our sales team to learn how to get started with the Macrometa Global Data Network
- Learn about features and custom services
- Get pricing information
- Explore use cases for your team