Security

Last updated: April 6, 2026

Our Commitment

Mapshock handles sensitive strategic intelligence. We treat every query, every analysis, and every entity in your knowledge graph as confidential. Security is not a feature — it is a foundation that every part of the platform is built on.

Data Encryption

  • In transit: All connections use TLS encryption. No unencrypted HTTP traffic is accepted.
  • At rest: Databases are encrypted at the storage layer. Sensitive fields use additional application-level encryption.
  • Passwords: Cryptographically hashed with industry-standard algorithms. Plaintext passwords are never stored or logged.
  • API keys: Stored as one-way cryptographic hashes. The original key is shown once at creation and never stored.

Organization Isolation

Mapshock is a multi-tenant platform. Every database query is scoped to your organization. Your data is structurally isolated — there is no API endpoint, internal tool, or admin function that can access one organization's data from another.

  • Per-user visibility controls determine which team members can see which data
  • Role-based access control governs permissions at multiple levels
  • Sharing is explicit — data is private by default and only visible to the creator unless deliberately shared

Authentication & Access

  • Sign-in options: Email/password or social login via trusted identity providers
  • Session security: Encrypted sessions with automatic expiration
  • Brute-force protection: Automated lockout after repeated failed login attempts
  • Rate limiting: All API endpoints are rate-limited to prevent abuse
  • Bot protection: Automated challenge system on public-facing forms

AI Security

Your queries are processed by AI models to generate intelligence analysis. Important safeguards:

  • AI providers do not use API data to train their models
  • Queries are sent over encrypted connections with no persistent storage on the provider side
  • Internal analytical methodology is sanitized before any output reaches users or external systems
  • AI-generated analysis passes through multiple validation checks before you see it

Infrastructure

  • Hosting: SOC 2 Type II certified — serverless, auto-scaling, edge network
  • Database: SOC 2 Type II certified — encrypted, US-hosted, automated backups
  • Email: Transactional email only, no marketing tracking
  • DNS & protection: DDoS protection, WAF, no user-tracking cookies

What We Do NOT Do

  • We do not sell or share your data with third parties
  • We do not use your queries to train AI models
  • We do not use advertising trackers, analytics cookies, or tracking pixels
  • We do not store plaintext credentials in any form
  • We do not allow cross-organization data access, even for administrators

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@mapshock.com. We will acknowledge your report within 48 hours and work to resolve confirmed vulnerabilities promptly. We do not pursue legal action against good-faith security researchers.

Questions

For security-related questions, contact security@mapshock.com. For general privacy questions, see our Privacy Policy.