Keeping your data safe is important to us.

Datacenter security

All our platform infrastructure is hosted on Amazon Web services (“AWS”) facilities, within virtual private clouds “VPC” we configure and manage to safeguard against unauthorized network requests.
AWS is deeply committed to securing the underlying infrastructure we build on, and continuously expands their Compliance programs. For more details, please visit https://aws.amazon.com/security/ & https://aws.amazon.com/compliance/programs/

Encrypted transmission

All user data is transported securely, encrypted in transit and encrypted at rest. Encrypting your data provides an additional layer of protection towards events such as unauthorised modification and man-in-the-middle attacks, etc. We use 256-bit SSL/TLS.1.2 encryption, and industry-standard AES-256 algorithms respectively.

Platform Architecture Design

Our platform is designed to follow microservices architecture design principles, meaning our services and their underlying backend components are decoupled from each other. This enables us to automatically scale infrastructure based on demand, with minimal impact to business operation.

Infrastructure resources are created directly from code instruction, commonly referred to as "Infrastructure as Code" (IaC). Backend infrastructure is frequently replaced, as part of our continuous deployment pipeline to ensure consistent and version controlled environments.

Platform Reliability

Our platform is designed to be highly available and fault tolerant. We monitor continuously and automatically trigger prioritised alerts directly to the responsible teams who react accordingly.
Sometimes unexpected hiccups do happen from time to time. When our monitoring detects issue that may impact your experience with our service, we'll be sure to take ownership and keep you updated in real-time via our status page - https://status.maze.design/

Your privacy rights are important

Maze is dedicated to ensuring that all customer and employee personal data is treated in accordance with the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA").

Certified

We hold ourselves to our own high standards, as well as those established by the industry. We are currently SOC 2 Type I certified, and progressing towards Type II in the near future.

Credit Cards

Maze does not directly store any credit card or payment information. We have partnered with Stripe to securely handle the sensitivity of payment processing data. Please see https://stripe.com/docs/security/ stripe for more information about their security commitment and PCI compliance.

Questions

If you have any security questions or if you believe you have found a security vulnerability please don't hesitate to contact our Security Team at support@maze.design.