Security

Built for inspectors

Audit-grade by default.

Every action MAIA takes is signed, replayable, and traceable to the signals that produced it — engineered for sovereign tenants, regulated industries, and inspectors who answer to a higher bar.

01 · Trust Posture

Certifications · Controls

Six commitments we make, in writing.

Posture isn’t a banner — it’s a row in a ledger your auditor can read. Here’s where we are, and where we’re headed.

  1. SOC 2 Type II

    In progress

    Independent audit underway; Type I controls operational, Type II window opened 2026.

  2. ISO 27001

    Alignment

    Controls mapped to Annex A; certification path scheduled after SOC 2 Type II close.

  3. GDPR · PIPEDA

    Compliant

    Data Processing Addenda available; lawful-basis logging and subject-rights tooling built in.

  4. FedRAMP

    Path scoped

    Reference architecture aligned to Moderate baseline; sponsor engagement in flight for public-sector tenants.

  5. Per-tenant residency

    Available

    Canada, US, EU, and customer-cloud regions — data and ledger never cross the boundary you pin.

  6. Cryptographic action ledger

    Always-on

    Every drafted action is signed, sealed, and replayable. Forensics is a primitive, not a feature flag.

02 · Data Posture

At rest · In transit · Tenancy · Retention

The data plane, made boring.

Encryption, tenancy, and retention done the standard way — so the interesting work happens above it, not inside it.

  1. At rest

    AES-256 envelope encryption. Customer-managed keys (KMS / HSM) supported for sovereign tenants.

  2. In transit

    TLS 1.3 between every hop. Internal service mesh mutual-TLS; no plaintext on the wire.

  3. Tenancy

    Per-environment isolation by default. Single-tenant deployment available for regulated workloads.

  4. Retention

    Configurable per data class. Default-deny on PII export; legal-hold and right-to-erasure built in.

03 · Deployment Modes

Three paths · One substrate

Deploy where the data lives.

Some operators need MAIA in production tomorrow. Some can’t let a packet leave the building. The substrate is the same; the boundary is yours.

  1. Managed

    MAIA cloud

    Hosted by MAIA in your chosen region. SOC 2 controls, hardened defaults, fastest time to production.

  2. Customer cloud

    Bring your own

    Deploys inside your AWS, Azure, or GCP account. Your VPC, your IAM, your key material. We operate the runtime.

  3. On-prem · air-gapped

    Sovereign

    Full installation inside a sovereign or classified environment. Disconnected updates, signed image bundles, customer-controlled ledger.

04 · Disclosure

Coordinated · Responsible

Found something? Tell us.

We run coordinated disclosure. Email findings to the address below — encrypted reports welcome. We triage within one business day, acknowledge the reporter, and credit you publicly once the fix ships, unless you ask us not to. No bug-bounty theatre; real engineers respond.

Begin

Briefing · Architecture review

Walk the architecture with us.

Send your security questionnaire. We’ll respond with diagrams, control mappings, and the ledger walkthrough.
