Platform
Security & Trust
Enterprise-grade controls without enterprise-grade theatre.
Data residency (EU + India), encryption in transit and at rest, RBAC + SSO, audit logging, a GDPR-ready posture, and an ISO 27001 / SOC 2 certification roadmap.
How it works
What makes security & trust different
Data residency
EU (Frankfurt) and India (Mumbai) regions by default; dedicated single-tenant on request.
Encryption
TLS 1.3 in transit; AES-256 at rest; per-tenant KMS keys for dedicated deployments.
Access control
Role-based access, attribute-based policies, SSO (SAML + OIDC), SCIM provisioning.
Audit logging
Every read and write on sensitive tables; exportable; tamper-evident storage.
GDPR posture
Data controller/processor model, DPA available, SAR tooling, right-to-erasure workflows.
Certification roadmap
ISO 27001 in progress (target 2026 Q3), SOC 2 Type I planned 2026 Q4.
What you can expect
- Shared-responsibility model documented and reviewed with your team during implementation.
- Vulnerability disclosure policy with a private reporting channel and a 90-day remediation SLA.
- Annual penetration tests by an external firm; executive summary shareable under NDA.
- Incident response with defined severities, communication SLAs, and post-incident reports.
What we don’t claim (yet)
- ISO 27001 certified — we’re working toward it; target 2026 Q3.
- SOC 2 Type II — planned after Type I lands.
When we have them, they’ll show up here with links to the reports. Until then, we’ll say "in progress" — that’s the Maaya rule.
Customer list and peer references
Under NDA, we can share the customer list in your region and connect you with existing customers for peer references. Ask your consultant.
Ready when you are
Want security & trust in action?
One call. Bring the question you care about most. We’ll show you the real thing, not a pitch.