Last updated: 6/25/2025
At Megaton, Inc., we take the security of your data seriously. We implement industry-standard security measures to protect your information and content from unauthorized access, disclosure, alteration, and destruction. This Security Policy outlines our approach to keeping your data safe.
All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher, ensuring your information remains secure during transmission.
Your data is encrypted at rest using AES-256 encryption. This includes user content, personal information, and backup data.
We support and strongly recommend enabling MFA for all user accounts to add an extra layer of security.
Access to systems and data is granted based on the principle of least privilege, ensuring users only have access to what they need.
We conduct regular reviews of user access rights and promptly remove access when no longer needed.
Our infrastructure is hosted on leading cloud providers with SOC 2 Type II certification and comprehensive security controls.
We use firewalls, intrusion detection systems, and network segmentation to protect against unauthorized access.
All systems and software are regularly updated with the latest security patches to address vulnerabilities.
24/7 monitoring of our systems for security threats and anomalous activity with automated alerting.
Data Minimization: We only collect and retain data that is necessary for providing our services.
Data Isolation: Customer data is logically separated to prevent unauthorized cross-account access.
Secure Deletion: When data is deleted, it is securely overwritten to prevent recovery.
We maintain a comprehensive incident response plan that includes:
We are committed to maintaining compliance with relevant security standards and regulations:
We recommend the following security practices for all users:
If you discover a security vulnerability or have concerns about our security practices, please report it to us immediately:
Email: security@megaton.ai
We appreciate responsible disclosure and will acknowledge your report within 24 hours.
We may update this Security Policy as we improve our security measures and practices. We will notify you of any material changes through our website or via email. Please review this policy periodically to stay informed about our security practices.
For security-related questions or concerns: