Security

Security you can trust

Bare-metal isolation, AES-256 encryption, enterprise DDoS protection, and continuous monitoring. Your infrastructure is protected at every layer.

AES-256: Encryption at rest
TLS 1.3: Encryption in transit
24/7: Security monitoring
SOC 2: Compliance (planned)

Physical Security

Our EU-adjacent data center facility is designed for maximum physical protection.

24/7 on-site security personnel and CCTV surveillance
Biometric access control — fingerprint and badge required
Mantrap entry system with visitor logging
Environmental monitoring: fire suppression, temperature, humidity
Redundant power with UPS and diesel generators
N+1 cooling redundancy

Network Security

Multi-layered network defenses protect every server from external threats.

Enterprise DDoS mitigation — volumetric, protocol, and application layer
Per-server configurable firewall via API, CLI, or dashboard
10 Gbps unmetered uplink with traffic inspection
Network isolation between customer servers
Optional WireGuard VPN tunnel add-on
Dedicated IP addresses available

Encryption

Data is encrypted at rest and in transit using industry-standard algorithms.

AES-256 full-disk encryption on every server
TLS 1.3 for all API and dashboard traffic
SSH keys managed via API — no password authentication
VNC sessions encrypted end-to-end
Backup snapshots encrypted at rest
API keys hashed with bcrypt — we never store plaintext

Access Control

Fine-grained access control for your team and automated workflows.

SSH key-based authentication only (password auth disabled)
API key scoping — read-only or full access
Team roles: Owner, Admin, Member, Billing
Per-server firewall rules to restrict SSH source IPs
Session management with forced logout capability
Activity audit logs for every account action

Data Protection

Your data is backed up, isolated, and recoverable.

Automated daily backups retained for 7 days
On-demand snapshots via API or dashboard
Bare-metal isolation — no hypervisor, no shared tenancy
Secure server decommissioning with disk wipe (NIST 800-88)
Data residency in EU-adjacent jurisdiction
GDPR-aligned data handling practices

Monitoring & Response

Continuous monitoring with rapid incident response.

24/7 infrastructure monitoring with automated alerting
Real-time system status page at macyou.co/status
Incident response team with <1 hour acknowledgment SLA
Post-incident reports published for all major events
Anomaly detection on provisioning and API patterns
Regular vulnerability scanning of platform services

Compliance

We're building toward industry-standard certifications.

SOC 2 Type II: In progress. Audit underway — expected completion Q3 2026.
GDPR: Compliant. EU data residency. DPA available on request.
ISO 27001: Planned. Certification planned for 2027.

Responsible Disclosure

Found a vulnerability? We appreciate responsible disclosure. Please email [email protected] with details. We commit to acknowledging reports within 24 hours, and we won't take legal action against good-faith security researchers.

Questions about security?

Our team is happy to discuss security requirements, provide a DPA, or schedule a security review call.