Maply takes a defence-in-depth approach to protecting our systems and your data. We design our security program around industry best practices, strong governance, and continuous improvement.
ISO 27001–aligned security program (compliance)
Maply operates an Information Security Management System (ISMS) aligned with ISO/IEC 27001 principles and controls, covering areas such as risk management, access control, incident management, and business continuity.
Our security controls cover areas such as:
- Risk analysis and mitigation
- Data asset classification and handling
- Physical and environmental security (via cloud infrastructure)
- Communications security
- Access control and identity management
- Secure systems development
- Business continuity and disaster recovery
- Incident management
- Compliance and governance
Secured cloud infrastructure
Maply is hosted on Amazon Web Services (AWS), a leading cloud provider with robust security controls, including strict physical access management, surveillance, and security operations monitoring.
We harden our cloud environment using layered security measures such as network controls, firewalls, continuous monitoring, and timely patching.
Encryption Of Data
We protect customer data using encryption in transit and at rest with industry-standard protocols and configurations. HTTPS is enforced on our sites and data endpoints.
Access Control
Maply uses strict access controls based on the principles of least privilege and need-to-know:
- Multi-factor authentication (MFA) for privileged access
- Role-based access controls for internal systems
- Access reviews and revocation processes
We limit internal access to customer data to what is necessary for operations and support, and we do not provide third parties with access to customer accounts.
Secured Development
Security is built into our development lifecycle:
- Controlled release and change management practices
- Secure coding practices and code review
- Automated scanning to identify common security issues and vulnerable dependencies
Monitoring, incident response, and vulnerability management
We use logging and monitoring to detect and respond to suspicious activity and operational issues. We maintain an incident response process to investigate, contain, remediate, and communicate security incidents appropriately.
Business continuity and backups
We design our systems to support availability and resilience, including backups and recovery processes to help protect against data loss and service disruption.
Payments
Maply uses Stripe for payment processing. Stripe is a PCI Service Provider Level 1, which is the most stringent level of certification in the payments industry. This helps protect payment data and reduces the need for Maply to handle sensitive card information directly.
Questions or security review
Enterprise customers often require additional security information (e.g., security overview, vendor questionnaire responses). We’re happy to support these reviews—please reach out via our Contact Us page.
Last updated: January 2026