Mapadillo Security Policy

Each user and team using Mapadillo expects their data to be secure and highly confidential.  We understand the importance of keeping our users' data private and we enforce strict security policies to achieve this.

For more information about our policies, please see our Terms of Service and our Privacy Policy.

System & Hosting Security

Mapadillo is hosted by AWS. We use the firewall in Amazon Elastic Compute Cloud to reduce vulnerabilities: HTTP and HTTPS ports are open to our users, SSH ports are only open to authorised members of our team, all other ports are closed.

We use public key-based SSH login.  Only three Mapadillo engineers have direct access to the hosting machines and their console logins are secured using two factor authentication.

All Mapadillo user connections are encrypted using HTTPS using state of the art RSA 2048 bits keys.  Its configuration supports current security features such as SHA256 digests.

All HTTP communication uses HTTP Strict Transport Security (HSTS) to ensure that all interaction is over a secure connection.

Mapadillo Software Security

Mapadillo has been developed by experienced software engineers.  Our engineers have worked in security-critical environments and have experience in gaining accreditation for systems to operate in accordance with exacting government and commercial security standards.  Mapadillo is regularly audited according to OWASP best practice.

User Data Security

All private resources require server side authentication and resource-specific authorisation.  Vaults are at the heart of Mapadillo access control.  You store data in containers that we call Vaults.  You share and collaborate by sharing Vaults.  Mapadillo allows you to see exactly who has access to your data.

Questions

If you have any questions regarding Mapadillo's security, please contact us.

This policy was last updated on 26th February 2016.