Security

Last updated: April 6, 2026

Our Commitment

Mapshock handles sensitive calibrated intelligence. We treat every query, every analysis, and every entity in your knowledge map as confidential. Security is not a feature. It is a foundation that every part of the platform is built on.

Data Encryption

  • In transit: All connections use TLS encryption. No unencrypted HTTP traffic is accepted.
  • At rest: Databases are encrypted at the storage layer. Sensitive fields use additional application-level encryption.
  • Passwords: Cryptographically hashed with industry-standard algorithms. Plaintext passwords are never stored or logged.
  • API keys: Stored as one-way cryptographic hashes. The original key is shown once at creation and never stored.

Organization Isolation

Mapshock is a multi-tenant platform. Every database query is scoped to your organization. Your data is structurally isolated. There is no API endpoint, internal tool, or admin function that can access one organization's data from another.

  • Per-user visibility controls determine which team members can see which data
  • Role-based access control governs permissions at multiple levels
  • Sharing is explicit. Data is private by default and only visible to the creator unless deliberately shared

Authentication & Access

  • Sign-in options: Email/password or social login via trusted identity providers
  • Session security: Encrypted sessions with automatic expiration
  • Brute-force protection: Automated lockout after repeated failed login attempts
  • Rate limiting: All API endpoints are rate-limited to prevent abuse
  • Bot protection: Automated challenge system on public-facing forms

AI Security

Your queries are processed by AI models to generate calibrated analyses. Important safeguards:

  • AI providers do not use API data to train their models
  • Queries are sent over encrypted connections with no persistent storage on the provider side
  • Internal analytical methodology is sanitized before any output reaches users or external systems
  • AI-generated analysis passes through multiple validation checks before you see it

Infrastructure

  • Hosting: SOC 2 Type II certified. Serverless, auto-scaling, edge network
  • Database: SOC 2 Type II certified. Encrypted, US-hosted, automated backups
  • Email: Transactional email only, no marketing tracking
  • DNS & protection: DDoS protection, WAF, no user-tracking cookies

What We Do NOT Do

  • We do not sell or share your data with third parties
  • We do not use your queries to train AI models
  • We do not use advertising trackers, analytics cookies, or tracking pixels
  • We do not store plaintext credentials in any form
  • We do not allow cross-organization data access, even for administrators

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@mapshock.com. We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities promptly. We do not pursue legal action against good-faith security researchers.

Questions

For security-related questions, contact security@mapshock.com. For general privacy questions, see our Privacy Policy.