MacStadium is certified to the highest level of cloud security and data privacy. Our data centers meet or exceed the requirements of even the most demanding teams.
MacStadium is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Our certification can be viewed here.
MacStadium respects your privacy and is committed to protecting the privacy and confidentiality of personal data we collect. Please read our privacy notice carefully to understand our policies and practices regarding your information and how we will treat it.
For companies that require compliance with EU guidelines, MacStadium infrastructure is GDPR (General Data Protection Regulation) compliant and is a natural extension to your existing security and data privacy policies. MacStadium operates as the data “processor” and our customer is the data “controller.”
MacStadium operates a data center in Dublin, Ireland for organizations that require data remaining inside the European Union.
Customers that require a signed DPA to maintain regulatory compliance can contact us. MacStadium has a prepared Data Privacy and Data Security Agreement you can review here.
Credit card purchases for MacStadium services are processed by Chargebee. When our customers provide their credit or debit card information via our website, the data is sent to Chargebee for processing, and the payment data is not stored on our systems.
All communications with MacStadium are transmitted over TLS (HTTPS), and we use SSL encryption to protect visitor data. We provide connectivity to our hardware via SSH and recommend that customers use SSH keys to securely set up their access.
MacStadium maintains 24/7 security incident and event management (SIEM). We monitor our infrastructure at all times with engineers on call to resolve any security-related events. MacStadium’s security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident
reporting and response procedures.
All access to customer systems is automatically logged and recorded via a privileged access control system/secure jump box. Our logging includes system actions as well as the logins and commands issued by our system administrators.
MacStadium’s dedicated security team can provide our SOC 2 report and other non-publicly disclosed information to companies under a non-disclosure agreement (NDA). Additionally, customers interested in our private cloud offering gain access to security and legal audits. If you have questions regarding security or want to request an NDA, contact us.