How we protect your data
Maeve AI manages sensitive customer information including shopper reviews, product catalogues, and order history. We protect that data through layered infrastructure, application, and operational controls.
For security inquiries, contact security@maeve-ai.com.
Infrastructure
The platform operates on Amazon Web Services in Stockholm (eu-north-1). All network traffic is encrypted using TLS 1.2 or higher. Production databases and storage use AES-256 encryption. Snowflake analytics enforce encryption by default, and automated backups of production data are retained for 14 days.
Data isolation
As a multi-tenant system, every query against our analytics layer is scoped to your brand's data using a strict tenant isolation model. This enforcement occurs at the infrastructure level, preventing cross-brand data visibility.
Authentication and access control
Auth0 handles user authentication in the EU. Passwords are never stored by Maeve AI. Internally, the team follows least-privilege access principles with restricted production system access and regular reviews. All AWS API activity is logged via CloudTrail for audit purposes.
Secrets management
Application secrets and credentials are stored in AWS Systems Manager Parameter Store as encrypted SecureString parameters. Secrets remain excluded from source code and unencrypted files.
Dependency management
GitHub Dependabot performs automated vulnerability scanning across production repositories to identify and address third-party dependency vulnerabilities.
Incident response
A documented incident response plan exists. In the event of a security incident affecting customer data, we will notify affected customers within 72 hours in accordance with GDPR requirements.
Privacy and GDPR
The platform complies with UK and EU GDPR regulations. Brand customers act as data controllers; Maeve AI serves as data processor. All infrastructure and data processing takes place within the EU. No personal data transfers occur outside the European Economic Area, and we do not share your data with third parties without your explicit consent.
Shoppers may request data access or deletion through the brand or privacy@maeve-ai.com. Data Processing Agreements are available upon request.
Vulnerability disclosure
Report vulnerabilities to security@maeve-ai.com. We commit to acknowledging reports within 48 hours. Public disclosure should await investigation and remediation.