Mavarick Trust Centre
Data Encryption
Data transmitted between the Mavarick web application and its server database (EU-hosted) is safeguarded with Transport Layer Security (TLS) using 256-bit encryption. The data stored in AWS databases is encrypted using the SHA-256 algorithm, with encryption keys securely managed in AWS Key Management Service (KMS). All encryption protocols are enforced at the database’s entry point for enhanced security. To prevent unauthorized external access, an AWS Web Application Firewall (WAF) protects Mavarick’s server, securing data storage and processing functions.
Operational Security
Role-based access controls are in place to protect personal data on the Mavarick server from unauthorized access. Access to sensitive data is controlled via secure usernames and passwords, with all activities logged according to best practices. Access rights and permissions are regularly reviewed to ensure they are up to date, prevent unauthorized privileges, and identify and remove any redundant accounts.
Supporting Data Assets
- Mavarick Web Application: Serves as the primary interface for users.
- AWS Cloud Services: Provides backend cloud storage and infrastructure, ensuring data security and availability.
- SendGrid: Delivers email services for user notifications, including alert reminders and password reset requests.
How is Your Data Processed?
Your data is processed within cloud environments managed by us, ensuring that data remains isolated and secure and that access is strictly controlled and audited.
Who Has Access to Your Data?
- Customer Engineers: Access your data during onboarding, updates, and data refreshes.
- Customer Success Team: Accesses data through the Mavarick web application to provide user support.
- Support Engineers: Access data only when diagnosing software or data issues.
Access to data is always controlled by role-based access restrictions and is fully audited.
Mavarick is ISO 27001:2022 Information Security Management System (ISMS) compliant.
An accredited third-party body audited our risk management approach and the operational controls that ensure our company’s security. We are proud to have completed this process with no findings, meaning that no non-conformances to the ISO 27001 specification were identified and no opportunities for improvement were flagged.
Mavarick's Role Under GDPR
Under the General Data Protection Regulation (GDPR), Mavarick acts as a Data Processor, while the Customer serves as the Data Controller. This means that Mavarick processes data on behalf of the Customer according to their instructions and contractual terms. As a Data Processor, Mavarick is responsible for implementing data protection measures, such as encryption and access controls, and ensuring data security and integrity, while the Customer holds primary responsibility for determining the purpose and means of data processing.