Compliance

Certifications & Standards

SOC 2 Type II

Independently audited for security, availability, and confidentiality controls.

GDPR Compliant

Full compliance with European data protection regulations.

HIPAA Ready

Enterprise plans include BAA and HIPAA-compliant infrastructure.

PCI DSS

Secure payment processing that meets card industry standards.

Infrastructure

Technical Security Measures

Encryption

All data is encrypted using industry-standard protocols:

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive communications
  • Hardware security modules (HSMs) for key management

Network Security

Multi-layered protection for our infrastructure:

  • DDoS protection and mitigation
  • Web Application Firewall (WAF)
  • Network segmentation and isolation
  • Intrusion detection and prevention systems

Access Control

Strict controls on who can access what:

  • Role-based access control (RBAC)
  • Multi-factor authentication required
  • Principle of least privilege
  • Regular access reviews and audits

Infrastructure

Built on enterprise-grade cloud infrastructure:

  • Multi-region deployment for redundancy
  • Automated backups with point-in-time recovery
  • 99.99% uptime SLA (Enterprise)
  • Disaster recovery with <4 hour RTO

Monitoring & Logging

Comprehensive visibility into our systems:

  • 24/7 security monitoring
  • Centralized logging and SIEM
  • Real-time alerting on anomalies
  • 12-month log retention

Vulnerability Management

Proactive approach to finding and fixing issues:

  • Regular penetration testing by third parties
  • Automated vulnerability scanning
  • Bug bounty program
  • Rapid patching process

Processes

Security Practices

Secure Development

Security is built into our development process from day one:

  • Security training for all engineers
  • Code reviews with security focus
  • Static and dynamic analysis
  • Dependency vulnerability scanning

Employee Security

Our team is trained and vetted:

  • Background checks for all employees
  • Annual security awareness training
  • Phishing simulations
  • Clean desk and screen policies

Incident Response

Prepared for when things go wrong:

  • Documented incident response plan
  • Dedicated security response team
  • Regular tabletop exercises
  • Transparent communication policy

Data

How We Handle Your Data

Your data belongs to you. We're just stewards.

  • Data isolation. Each customer's data is logically separated and cannot be accessed by other customers.
  • Data minimization. We only collect and retain data necessary for providing our services.
  • No selling. We never sell your data to third parties. Period.
  • Export anytime. You can export all your data at any time through our dashboard or API.
  • Right to delete. Request complete deletion of your data whenever you want.

Security Contact

Found a vulnerability? We appreciate responsible disclosure.

Email: security@matisdigital.ca

PGP Key: Available on request

Bug Bounty: Up to $10,000

We commit to responding within 24 hours and working with researchers to resolve issues quickly.

Questions?

Need more details?

Our security team is happy to answer questions, provide documentation, or walk through our security posture.
