Maaya

Security

Last updated: 17 April 2026

Security at Maaya is about discipline more than drama. We favour boring, well-maintained controls over novelty.

Infrastructure

  • Primary infrastructure on AWS and Supabase, dual-region capable.
  • TLS 1.2+ for all data in transit. AES-256 at rest.
  • Isolation between tenants enforced at application and database layers.
  • Backups with tested point-in-time recovery.

Access and identity

  • Role-based access control with least-privilege defaults.
  • SSO via SAML / OIDC on enterprise plans.
  • MFA required for all Maaya employees; hardware keys for production access.
  • Just-in-time privileged access with a full audit trail.

Application security

  • Dependency scanning and SAST on every pull request.
  • Secret scanning with automated rotation triggers.
  • Annual penetration test by an independent firm; summary letter available under NDA.

Monitoring

  • Centralised logs, metrics, traces (Sentry, Vercel analytics, AWS CloudWatch).
  • 24×7 alerting to the on-call engineer.
  • Defined incident response playbooks with customer notification within contractual SLA.

Vulnerability disclosure

If you believe you've found a security issue, email security@maayasoft.in. We respond within one business day and do not pursue legal action against good-faith researchers.

Roadmap

ISO 27001 audit is in progress with a target report in the next twelve months. SOC 2 Type II follows. For the current status or to request our security questionnaire response, email trust@maayasoft.in.