How we protect your data
We believe trust is earned through transparency. Here is where Maindex stands today and where we are headed.
Tenant isolation
Every account is a fully isolated tenant. Your data is never shared, mixed, or accessible by other users. Database-level row isolation enforced on every query.
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Locked collections add an additional layer of passphrase-based access control.
Authentication
OAuth-first authentication through WorkOS. No passwords stored by Maindex. API keys available as a fallback for headless environments, with per-key revocation.
Access control
Locked collections are hidden from all sessions until explicitly unlocked. An additional authentication layer prevents agents from attempting to bypass the lock and access protected data without your authorization. Step-up re-authentication required for destructive operations like account deletion and locked data export.
- SOC 2 Type II — Target: Early 2027.
- Teams — Groups of collections owned by an organization, with access granted to one or more users.
- Audit logs — Immutable record of all access and mutations, queryable by team admins.
- SSO / SAML — Enterprise single sign-on for team accounts.
- Role-based access control — Granular permissions for team members within a shared tenant.
- Data residency options — Choose where your data is stored.
Questions about security? Contact us at security@maindex.io.