Security Policy

Last updated: 6/25/2025

Our Security Commitment

At Megaton, Inc., we take the security of your data seriously. We implement industry-standard security measures to protect your information and content from unauthorized access, disclosure, alteration, and destruction. This Security Policy outlines our approach to keeping your data safe.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher, ensuring your information remains secure during transmission.

At Rest

Your data is encrypted at rest using AES-256 encryption. This includes user content, personal information, and backup data.

Access Control

  • Multi-Factor Authentication (MFA):

    We support and strongly recommend enabling MFA for all user accounts to add an extra layer of security.

  • Role-Based Access Control:

    Access to systems and data is granted based on the principle of least privilege, ensuring users only have access to what they need.

  • Regular Access Reviews:

    We conduct regular reviews of user access rights and promptly remove access when it is no longer needed.

Infrastructure Security

Cloud Security

Our infrastructure is hosted on leading cloud providers with SOC 2 Type II certification and comprehensive security controls.

Network Security

We use firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.

Regular Updates

All systems and software are regularly updated with the latest security patches to address vulnerabilities.

Monitoring

We monitor our systems 24/7 for security threats and anomalous activity, with automated alerting.

Application Security

  • Secure coding practices and regular code reviews
  • Input validation and sanitization to prevent injection attacks
  • Regular security testing including penetration testing
  • Dependency scanning for known vulnerabilities
  • Web Application Firewall (WAF) protection
  • Rate limiting and DDoS protection

Data Privacy & Handling

Data Minimization: We only collect and retain data that is necessary for providing our services.

Data Isolation: Customer data is logically separated to prevent unauthorized cross-account access.

Secure Deletion: When data is deleted, it is securely overwritten to prevent recovery.

Incident Response

We maintain a comprehensive incident response plan that includes:

  • Immediate containment and investigation procedures
  • Notification protocols for affected users
  • Post-incident analysis and improvement measures
  • Regular drills to ensure readiness

Compliance & Certifications

We are committed to maintaining compliance with relevant security standards and regulations:

  • GDPR (General Data Protection Regulation) compliance
  • CCPA (California Consumer Privacy Act) compliance
  • Industry best practices and frameworks
  • Regular third-party security assessments

Security Best Practices for Users

We recommend the following security practices for all users:

  • Use strong, unique passwords for your account
  • Enable multi-factor authentication (MFA)
  • Keep your devices and software updated
  • Be cautious of phishing attempts
  • Log out when using shared devices

Reporting Security Issues

If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately:

Email: security@megaton.ai

We appreciate responsible disclosure and will acknowledge your report within 24 hours.

Updates to This Policy

We may update this Security Policy as we improve our security measures and practices. We will notify you of any material changes through our website or via email. Please review this policy periodically to stay informed about our security practices.

Contact Us

For security-related questions or concerns:

Megaton, Inc.

Security Team: security@megaton.ai

General Inquiries: general@megaton.ai