Security is core to who we are

Being Customer First is a core value of Matik, and the foundation of this is ensuring that Matik is secure. The purpose of this page is to provide an overview of the security measures and policies Matik has in place. If you have additional questions or comments about our security practices or policies, please reach out to security@matik.io.

Data Security

All stored user data is encrypted at rest with strong encryption keys following industry best practices. Matik does not store the content of customers’ data sources, only the minimum credentials required to access the data. In the event a customer’s credentials are compromised, it is the customer’s responsibility to revoke the credentials’ access in the Matik app and refresh them with new ones. Additionally, the credentials are encrypted and not viewable by Matik employees or customers once they are saved.

Matik uses Amazon Simple Storage Service (S3) and Relational Database Service (RDS) to store user data including user profiles, data credentials, and content generated from customer data. Both the databases in RDS and buckets in S3 have strong access controls set and are encrypted at rest using the industry-standard AES-256.

Security Incident Detection and Management

Matik takes industry-standard steps to prevent unauthorized access to cloud assets (hosted by AWS) and to log key events in that system. Matik uses the Amazon Web Application Firewall (WAF) to protect against unauthorized access to our web application servers, as well as Amazon CloudTrail to record key events in our systems, such as logins, changes to security lists, and access to protected assets such as databases or S3 buckets. These systems are connected to an alerting system, which alerts Matik’s security team in the event of anomalous activity. In the unlikely event of a data breach, Matik will notify all affected customers no later than 72 hours after discovery.

Security Certifications

SOC 2 Certified

Matik has received both its SOC 2 Type I and Type II certification.

GDPR Compliant

We have made significant efforts to ensure Matik is in compliance with the EU's General Data Protection Regulation (GDPR).

Data Backups

Customer data is backed up with a regular cadence using Amazon Relational Database Service (RDS). Following Amazon best practices, Matik creates a full daily snapshot of the database as well as recording transaction logs so that the database can be restored to any time in the past. Each snapshot is saved for 30 days.

Backups are not publicly accessible and are accessible only by Matik technical employees who require access as part of their role. All accesses to backups are logged per customer and are available upon request. Additionally, backups are encrypted at rest, so in the unlikely event an attacker gains access, the content remains inaccessible.

Data Access Management

Matik allows customers to inherit existing data permissions from data sources. Matik administrators have the ability to request each user to log into data sources in order to verify that they have sufficient access required to generate the content within the presentation.

Additionally, we use SAML to integrate with your SSO provider (such as Okta) to further manage who has access to Matik.

Matik Employee Access

Matik ensures that all employee accounts with access to sensitive assets are created following Matik’s user account policy:

Physical and Office Security

Matik ensures that the office is inaccessible by non-employees. Matik also ensures that all the computers used for work will have full disk encryption, strong user passwords, and anti-virus programs installed.

Mobile devices used for work have at minimum a 6 number passcode and optionally biometric security as well as full disk encryption. Additionally, all employees are strongly encouraged to use a password manager that generates long, strong, and unique passwords for each service.

Change Management

Matik ensures that unauthorized users will not be able to change the code of the product and that all changes to the production code are logged and monitored.

Access to Matik’s code repository is controlled via RBAC, and push-to-production access is restricted to a small subset of the organization. Two-factor authentication is required for access to the code base. Sensitive data including user data and access tokens will never be added to the code repository.