Trust Center

We are committed to providing the industry's best security and privacy in all aspects of our products and services.

We have adopted ISO 27001 as our Information Security Management System to create a solid foundation to provide security controls that meet our customers' most stringent security requirements.

Macrometa has obtained a SOC 2 Type 2 certification for the Trust Criteria of Security and Availability.

The SOC 2 report is available under NDA for Macrometa customers by request at [email protected]

Technical Security Controls

Macrometa has implemented technical security controls across all aspects of its products and services

Secure Software Development

  • All engineers are provided with secure development

  • Security reviews are part of the standard code review process

  • Security engineers mentor and advise the engineering team for continual improvement

Automated Static Code Analysis

  • Of source code using integration with best-in-class third-party tools

  • This process identifies security issues in Macrometa code

  • Findings are triaged and prioritized with JIRA tickets are created for engineers

Automated and Manual Vulnerability Scans

  • Of production and development environments using best-in-class third-party tools.

  • This process identifies vulnerabilities in the environment and technology stack

  • Findings are triaged and prioritized and JIRA tickets are created for engineers

  • QA tests are created to confirm remediation in Test and Production environments

Penetration Testing

  • Macrometa has a dedicated white hacker on staff performing continuous penetration testing

  • Third-party penetration testing is performed annually

Change Management

  • Change management processes are clearly defined and followed to guarantee that any changes to production are properly documented, approved and reviewed

  • Status page updates and customer notices are posted

  • No unauthorized changes are made to production or customer environments

Scheduled maintenance & critical patching

  • Systems are scheduled for regular maintenance, software updates, and patching

  • Controlled processes exist for critical and emergency patching when required

  • Customers are notified of scheduled and emergency maintenance via agreed channels

Encryption

  • All customer data is encrypted at rest

  • All customer data is encrypted in transit using TLS 1.2 or greater

  • No customer production data is copied or used in troubleshooting or test environments unless it is at the request of the customer

Antivirus software

  • All production systems are required to run AV software

VPN, Firewalls IDS and IPS

  • Macrometa requires VPN to access production environments

  • Macrometa cloud environments are protected by firewalls following vendor-recommended configurations

  • Macrometa uses intelligent scanning and monitoring tools for intrusion detection and prevention

Password Policy and MFA

  • Macrometa’s password policy requires strong passwords that follow NIST 800-63b recommendations

  • VPN and SSO require multi-factor authentication (MFA)

  • Customer approval workflows for access to production systems available

Organizational Security Controls

Macrometa has implemented organizational security controls across all aspects of its products and services. Organizational Controls include:

Background Checks

  • International criminal and educational verification

New Hire Onboarding Checks

  • Employment Agreement

  • Employee Handbook

  • Confidentiality Agreement

  • Acceptable Use Policy

  • Annual Security Awareness Training

Least Privelege

  • Access policy follows least-privilege controls

  • Access is only granted to required roles and approved by managers

Data Classification

  • Macrometa classifies information based on confidentiality to control access and sharing.

Vendor Management

  • Macrometa’s reviews potential vendors for security practices that will meet or exceed its internal and customer requirements

  • A risk assessment is performed as part of vendor reviews

  • Vendors that may act as subprocessors are required to have a Data Protection Agreement that will meet GDPR, CCPA and global privacy regulations

Data Backups and Retention

  • Macrometa’s infrastructure is architectured for high availability, using redundancy and backups to meet internal and external data retention requirements

  • Backups are daily, weekly and monthly based on requirements

  • Backups are tested regularly for correctness

Incident Response

  • Macrometa’s standard for incident response notifications is 48 hours

  • Macrometa’s incident response plans covers escalation processes, communication plans and customer notices

Data Privacy

Macrometa’s Data Privacy Policy follows global standards of privacy and applies them for customers based on country or region. Macrometa complies with GDPR, CCPA and applicable privacy legislation.

Macrometa customers may request a Data Protection Agreement and Standard Contractual Clauses.

Request documents

Legal basis and legitimate interest

  • Macrometa will only process personal data on a legal basis of legitimate interest.

  • Macrometa will never access, use or process personal data uploaded by customers to Macrometa’s services.

Data Anonymization

  • Macrometa may anonymize personal data from analytic data collected by its systems and services with the strict intent to

    • Improve its products and services

    • Provide monitoring of the health and availability of its service to meet customer SLAs

    • To bill its customers for services consumed

    • To provide recommendations to customers to improve their experience

    • To provide customer support

Data Subject Access Requests

  • Macrometa will comply with all applicable laws and regulations regardless of country or region.

  • Data Deletion and Data Access requests are promptly responded to at [email protected]

We help make the impossible, profitable

Contact our sales team to learn how to get started with the Macrometa Global Data Network

Learn about features and custom services
Get pricing information
Explore use cases for your team
Contact Sales

Connect with an Enterprise Specialist

Please provide your contact details below and an enterprise specialist will get back to you within 24 hours.