Security & privacy
How MapTrack protects your data and supports enterprise access controls and regional hosting.
Hosting and infrastructure
MapTrack runs on Amazon Web Services (AWS) with regional hosting options across Australia, the United States, and Europe. This lets your organisation store data in your preferred jurisdiction to meet data sovereignty requirements. Our infrastructure is built for reliability, with a 99.9% uptime SLA backed by redundant availability zones and automated failover. All environments are monitored around the clock, with proactive alerting to ensure consistent performance for teams in the field and in the office.
Access control
MapTrack supports single sign-on (SSO) via SAML 2.0, with out-of-the-box integrations for Google Workspace, Microsoft Entra ID (Azure AD), and Okta. Role-based access control (RBAC) provides granular permissions at the site level, asset-type level, and action level (read, write, scan, administer), so field workers see only what they need and administrators retain full oversight. Every user action is captured in a comprehensive audit trail, giving your compliance and IT teams a complete, time-stamped record of who accessed, modified, or transferred assets.
Data and privacy
All data is encrypted at rest using AES-256 and in transit using TLS 1.3 to protect your asset and operational information at every stage. Automated daily backups with point-in-time recovery ensure your data can be restored quickly in the event of an incident. We treat your data as confidential and use it solely to provide and improve the service. We do not sell your data to third parties. For full terms, see our Privacy policy and Terms of service.
Compliance and audits
MapTrack is designed to support compliance with the Australian Privacy Act 1988 and GDPR for organisations operating in the European Union. We are on the path to SOC 2 Type II certification and can share our current security posture on request. A Data Processing Agreement (DPA) is available for enterprise customers who require one as part of their procurement process. Security and compliance requirements vary by industry and organisation, so we are happy to assist with vendor security questionnaires, risk assessments, and audit requests.
Compliance and certifications
MapTrack is designed to support compliance with industry and regional standards.
Australian Privacy Act
Compliant with the Australian Privacy Act 1988 and Australian Privacy Principles (APPs).
GDPR Ready
Data Processing Agreement (DPA) available. Regional hosting in EU, AU and US for data sovereignty.
SOC 2 Type II
On the path to SOC 2 Type II certification. Current security posture available on request.
AES-256 Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Bank-grade security for your asset data.
AWS Hosted
Hosted on Amazon Web Services with 99.9% uptime SLA. Regional options across AU, US and EU.
Role-Based Access
Granular RBAC with SSO (SAML 2.0), audit trails and site-level permissions. Enterprise-ready.
Security questions
- Is my data encrypted?
- Yes. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Database backups are also encrypted.
- Where is my data stored?
- MapTrack is hosted on AWS infrastructure in the Asia-Pacific (Sydney) region. Data remains within Australia unless you request otherwise for multi-region deployments.
- Who has access to my data?
- Only authorised members of your organisation can access your account data. MapTrack staff access is restricted to essential support and infrastructure operations, governed by role-based access controls and audit logging.
- Does MapTrack support Single Sign-On (SSO)?
- Yes. MapTrack supports SSO via SAML 2.0 for enterprise customers. This allows your team to authenticate through your existing identity provider (e.g. Azure AD, Okta, Google Workspace).
- Is MapTrack SOC 2 certified?
- MapTrack follows SOC 2 security principles across our infrastructure and operations. Formal certification is on our roadmap. Contact us for our current security documentation.
- How do you handle security incidents?
- We maintain a documented incident response process covering detection, containment, investigation and notification. Customers are notified of any incident that may affect their data.
- Can I get a Data Processing Agreement (DPA)?
- Yes. We provide DPAs for customers who require them for GDPR, Australian Privacy Act or other regulatory compliance. Contact our team to request one.
- How often do you perform security audits?
- We conduct regular vulnerability assessments and infrastructure reviews. Our hosting provider (AWS) undergoes continuous third-party audits including SOC 2 Type II and ISO 27001.