Your trust is our top priority
Trust is earned through transparency, accountability, and consistent protection of your data. We demonstrate this commitment by implementing strong technical and organizational safeguards, maintaining independently audited security certifications, and aligning our practices with GDPR principles such as data minimization, purpose limitation, and privacy by design. Through clear policies, secure infrastructure, and ongoing risk management, we ensure your data is handled responsibly and in full respect of your compliance obligations.
We want to earn your trust
Privacy and security are our priorities so your team can focus on what you do best – app development.
Privacy
We’re committed to protecting your privacy through our product, infrastructure, and data governance.
Data Center Security
We hold and maintain top certifications and deploy world-class physical, network, and process-level security at each of our locations.
Compliance
We adhere to global, regional, and industry regulations to help you meet compliance standards.
Need a security document? No problem
You can access all our security reports and documentation. Don’t see what you need? Contact us to get the answers you need, exactly when you need them.
Privacy and data protection
Macdome respects your privacy and is committed to protecting the privacy and confidentiality of personal data we collect.
Data processing agreement (DPA)
Customers that require a signed DPA to maintain regulatory compliance can contact us.
Payment data security
Credit card purchases for Macdome services are processed by PayPal. When our customers provide their credit or debit card information via our website, the data is sent to PayPal for processing, and the payment data is not stored on our systems.
Secure communications
All communications with Macdome are transmitted over TLS (HTTPS), and we use SSL encryption to protect visitor data. We provide connectivity to our hardware via SSH and recommend that customers use SSH keys to securely set up their access.
In our data centers
Physical security
Monitoring
Macdome maintains 24/7 security incident and event management (SIEM). We monitor our infrastructure at all times with engineers on call to resolve any security-related events. The Macdome security team uses monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.
Access logging
All access to customer systems is automatically logged and recorded via a privileged access control system/secure jump box. Our logging includes system actions as well as the logins and commands issued by our system administrators.
Securing your environment
We include the following technology with every Mac private cloud:
Dedicated hardware
We provide the hardware – the environment is all yours. You get root access and can configure it as you wish. We encourage our customers to update their credentials to lock Macdome personnel out of their firewalls and hosts for ultimate security.
Enterprise-grade firewall
Macdome provides an up-to-date Cisco ASA firewall with each of our private clouds. The firewall is set up by your team to your specifications, and can enable VPNs, white-listed IP ranges and more.
Network monitoring
See all traffic to and from your firewall. The monitoring system will alert you to unusual host or network activity.
Federated SSO (SAML)
Control access to your Mac private cloud with your existing identity provider to ensure that the right team members have the right access, all the time.
General Data Protection Regulation (GDPR)
GDPR is a comprehensive legal framework implemented by the European Union (EU) to protect the privacy and personal data of individuals within the EU and the European Economic Area (EEA). Effective since 25 May 2018, it is considered one of the strictest privacy and security laws in the world.
Lawfulness, Fairness, and Transparency
We ensure all processing is legally grounded, ethical, and clearly communicated to the individual.
Purpose Limitation
Data is only collected for specified, explicit, and legitimate purposes. Data will not be repurposed for something incompatible with why it was originally collected, unless new consent is obtained. An exception exists for further processing for archiving in the public interest, scientific/historical research, or statistical purposes, which is generally considered compatible.
Data Minimization
We collect only the data that is adequate, relevant, and limited to what is necessary for your stated purpose. For instance, a newsletter sign-up typically only requires an email address.
Accuracy
Personal data is kept accurate and up to date. Inaccurate data will be erased or corrected without delay.
Storage Limitation
Data is kept in an identifiable form for no longer than is necessary for the processing purpose. Once the purpose is fulfilled, data is either securely deleted or fully anonymized.
Integrity and Confidentiality (Security)
Data will be processed securely using technical and organizational measures. Technical measures include encryption and firewalls, while organizational measures involve staff training and limiting data access.
Accountability
We comply with the other six principles and are able to demonstrate compliance to regulators by maintaining detailed documentation, such as records of processing activities and consent logs.