Security

Last updated: March 31, 2026

Security is foundational to T-Matic AI. Your knowledge graph holds your brand's most sensitive strategic and operational data. This page describes the measures we take to protect it.

If you have discovered a potential security vulnerability, please see the Responsible Disclosure section at the bottom of this page.


Infrastructure and Hosting

T-Matic AI runs on cloud infrastructure provided by leading cloud providers with SOC 2 Type II, ISO 27001, and FedRAMP certifications. Our infrastructure is deployed in the United States with redundancy across multiple availability zones to ensure availability and resilience.

  • All infrastructure is provisioned through infrastructure-as-code with version-controlled configuration
  • Network traffic is segmented and protected by firewalls; internal services are not directly internet-accessible
  • Production and development environments are fully isolated
  • Automated vulnerability scanning runs continuously on our infrastructure and dependencies

Data Encryption

Your data is encrypted both in transit and at rest.

  • In transit: All data transmitted between your browser, the T-Matic AI application, and our services uses TLS 1.2 or higher. We enforce HTTPS and use HSTS.
  • At rest: All stored data, including knowledge graph content, account information, and generated content, is encrypted at rest using AES-256.
  • Database encryption: Database volumes are encrypted, and sensitive fields use application-level encryption in addition to storage-level encryption.
  • Secrets management: API keys, credentials, and secrets are stored in a dedicated secrets management system with access logging. They are never stored in code or version control.

Access Controls

Access to customer data by our team is restricted on a strict need-to-know basis.

  • Internal access to production systems requires multi-factor authentication (MFA) and is logged
  • Access is granted via role-based permissions; no individual has broad standing access to customer data
  • Access to customer data requires approval and is reviewed regularly; all access is audited
  • Employee access is revoked immediately upon offboarding
  • Employees complete security awareness training upon hire and annually thereafter

Within your own account, T-Matic AI supports role-based access controls (on Team and Enterprise plans) so you can define who can create, review, approve, and publish content.


Authentication

  • Passwords are hashed using a modern adaptive hashing algorithm (bcrypt)
  • Multi-factor authentication (MFA) is available for all accounts and strongly recommended
  • Session tokens are rotated on authentication and expire after periods of inactivity
  • Rate limiting is applied to login and authentication endpoints to prevent brute-force attacks
  • Suspicious login activity triggers alerts and optional account lockout

Application Security

  • Code is reviewed by engineers before merging and goes through automated static analysis and dependency scanning
  • We follow OWASP Top 10 guidelines and conduct periodic security assessments
  • Input validation and output encoding are applied throughout the application to prevent injection attacks
  • Content Security Policy (CSP) and other security headers are enforced
  • Third-party libraries are monitored for known vulnerabilities and updated promptly

Data Isolation

Each knowledge graph is fully isolated at the data layer. Data from one account or brand cannot be accessed by another. On Agency and Enterprise plans, each client's knowledge graph is siloed — there is no shared data between client workspaces.

We do not use your knowledge graph data or generated content to train AI models, and we do not share your data with other customers.


Incident Response

We maintain an incident response plan that includes detection, containment, investigation, remediation, and post-incident review. In the event of a confirmed data breach affecting your account:

  • We will notify affected customers without undue delay, and within 72 hours where required by applicable law
  • Notification will include the nature of the incident, data categories affected, and steps we are taking
  • We will provide guidance on steps you can take to protect yourself

To report a suspected security incident, contact [email protected] immediately.


Business Continuity and Backups

  • Customer data is backed up continuously with point-in-time recovery capability
  • Backups are encrypted and stored in geographically separate locations
  • Recovery procedures are tested regularly
  • System uptime and performance are monitored 24/7 with automated alerting

Third-Party Audits and Compliance

We are working toward SOC 2 Type II certification. Customers on Enterprise plans may request access to our security documentation and the results of our most recent assessments under NDA.

Our subprocessors (cloud providers, AI model providers, payment processors) are evaluated for security and compliance before onboarding and reviewed periodically. A current list of subprocessors is available upon request.


Responsible Disclosure

We appreciate the work of security researchers and the broader security community. If you discover a potential vulnerability in T-Matic AI, please disclose it to us responsibly:

  • Email [email protected] with a description of the vulnerability and steps to reproduce
  • Give us reasonable time to investigate and remediate before disclosing publicly
  • Do not access, modify, or delete customer data beyond what is necessary to demonstrate the vulnerability
  • Do not conduct testing that degrades service availability or impacts other users

We will acknowledge your report within 2 business days and keep you informed as we investigate. We will not pursue legal action against researchers who disclose in good faith in accordance with these guidelines.


Contact

For security questions or concerns, or to report a vulnerability:

MavenEcommerce Inc. dba MavenSolutions
Attn: Security
111 Congress Ave, Ste 500
Austin, Texas 78701
[email protected]