Security and Compliance
at Mavenlink
"Security isn’t just something we do; it’s a core part of our business."
Taison Kearney
VP of Business Systems and Information Security
Mavenlink is a pure multi-tenant Software as a Service (SaaS) application. We separate customer accounts logically at the data layer to protect the security and privacy of your data, while enabling the most sophisticated project collaboration experience available today.
Independent Audit
Mavenlink meets or exceeds the standards of SSAE 18 (SOC1 Type II) and AICPA SOC2 Type II, and has for the past four years with no exceptions noted. We are audited over the entire calendar year to ensure compliance at the highest possible level, and our system controls are audited for effectiveness in addition to design.1
1 SOC Type II reports audit the effectiveness of controls in addition to their design, whereas SOC Type I reports audit design only.
Control your Account
Manage user provisioning and system access using your Single Sign-On (SSO) system, or use configurable policies in Mavenlink. Control what your users can see by using system, project, and field-level permissions.
Mavenlink is committed to protecting the privacy of your users and your data. We have certified our services, for which we act as data processor, under the EU-U.S. and Swiss-U.S. Privacy Shield Framework .
Industry Leading Uptime
Mavenlink is committed to providing industry leading uptime across all services, with all planned maintenance occurring outside of US business hours (typically 7-10pm PT). We are hosted on the industry-leading AWS cloud, and we operate multiple redundant systems that are resilient to any single point of failure.
Quality Software
Mavenlink practices Agile, Test Driven Development (TDD), and Pair Programming to provide exceptional data integrity with a seamless user experience. We have over 45,000 automated tests in our continuous integration pipeline, a dedicated QA team, and release updates as often as several times per day.
Data Protection
Mavenlink protects all data in transit or at rest using industry standard Transport Layer Security (TLS) and AES encryption. Customer data backups are encrypted and shipped from our primary datacenter (AWS Oregon Region) to multiple off-site locations, including our disaster recovery site (AWS Virginia Region) that houses a live-updated standby database system.
Information Security
Mavenlink maintains a secure cloud-based infrastructure hosted with AWS. All systems run an Intrusion Detection System (IDS), are patched regularly, and remote access is strictly controlled. Mavenlink employees requiring access must complete successful background checks and use a secure virtual private network (VPN) connection with two-factor authentication.
24x7x365 Monitoring
Application performance and security is independently audited on an annual basis, and is monitored 24x7x365 by our full time in-house Operations team. Mavenlink also operates a responsible disclosure program through HackerOne to incentivize third-party security researchers.