Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Welcome to MacStadium's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

If you need to request that our GRC team complete a custom questionnaire or online assessment as part of your vendor evaluation process, please submit the document or URL through this trust center after requesting portal access above and then create security@macstadium.com as the user account in your vendor platform. Please be advised that email requests will not be fulfilled without a registered account and submission of your request through the trust center portal.

Pandora-company-logoPandora
Sauce Labs-company-logoSauce Labs
Dropbox-company-logoDropbox
Shopify-company-logoShopify
Delta Air Lines-company-logoDelta Air Lines
Capital One-company-logoCapital One
AppDynamics-company-logoAppDynamics
Nubank-company-logoNubank
J.P. Morgan & Co.-company-logoJ.P. Morgan & Co.
Johnson & Johnson-company-logoJohnson & Johnson
Accenture-company-logoAccenture
GitLab-company-logoGitLab
Bitrise-company-logoBitrise
Homebrew-company-logoHomebrew
Box-company-logoBox
Thumbtack-company-logoThumbtack
iFood-company-logoiFood
Slack-company-logoSlack
Wix.com-company-logoWix.com
Jamf-company-logoJamf
Swift App School-company-logoSwift App School
Glovo-company-logoGlovo
ISO 27001 Audit Report
Data Flow Diagram (DFD)
Trust Center Updates

MacStadium 2024 Annual Penetration Testing

VulnerabilitiesCopy link

MacStadium's 2024 annual penetration testing engagement performed by Converge Technology Solutions (https://convergetp.com/cybersecurity/) has been completed and all reports are now available for review and download in the trust center .

Published at N/A

Notice of Updates to the MacStadium Privacy Policy and Sub-processor Listing

SubprocessorsCopy link

At MacStadium, we are committed to security, privacy, and transparency. We are writing to notify you that we have updated our Privacy Policy in accordance with the latest EU-US Data Privacy Framework provisions. As such, we encourage you to take a moment to review the updated policy.

These updates will take effect on October 1st, 2024. By using our services on or after that date, you’ll be agreeing to these revisions. You should take the time to read the policy in full, but the key updates include: • Compliance with the UK Extension to the EU-U.S. Data Privacy Framework principles for UK data subjects

Remember, you can use the controls we have described in the updated policy to limit the information we collect about you or how we use it.

Please note that we have also updated the list of MacStadium Sub-Processor Vendors that we use in the marketing, delivery and support of services to our customers. We perform reviews of the data privacy contractual commitments and security controls implemented by each of these vendors on a regular basis to ensure that the same commitments we make to you are maintained by our suppliers.

Updates to the sub-processor listing include: • The addition of ZenDesk as a new sub-processor used for the purpose of customer service & support • The addition of ProductBoard as a new sub-processor used for the purpose of product management customer engagement

If you have any questions or concerns, please contact us at privacy@macstadium.com.

Thank you,

MacStadium Data Privacy Team

Published at N/A

Security & Compliance is a Shared Responsibility

GeneralCopy link

MacStadium security & compliance Shared Responsibility Models are now available for download in the trust center documents listing.

Security and Compliance is a shared responsibility between MacStadium and the customer. This shared responsibility model can help relieve the customer’s operational burden as MacStadium manages security controls for the infrastructure supporting your dedicated cloud environment down to the physical security of the facilities in which the service operates.

The customer assumes responsibility and management of the infrastructure software and data within their dedicated private cloud environment (including updates and security patches), other associated application software as well as the management of the MacStadium provided firewall at the time of service handoff. Customers should carefully consider the services they choose as their responsibilities vary depending on the product technologies and services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility is intended to provide flexibility and customer control.

Please refer to MacStadium's Consensus Assessment Initiative Questionnaire (CAIQ) for additional detailed information regarding customer, MacStadium, and 3rd party responsibilities.

Published at N/A

MacStadium Joins the Cloud Security Alliance STAR Registry

ComplianceCopy link

MacStadium is proud to announce that it has joined the Cloud Security Alliance as a solution provider member listed in the Security, Trust, Assurance, and Risk (STAR Level-1) registry to demonstrate our ongoing commitment to promoting cloud security best practices for our company and our customers.

Please visit https://cloudsecurityalliance.org/star/registry/macstadium-inc/services/mac-cloud-compute to learn more.

Published at N/A*

MacStadium Achieves FSQS Certification

ComplianceCopy link

MacStadium is proud to announce that it has achieved FSQS certification for Third Party Risk Management and Compliance for the Financial Services Sector.

FSQS (Financial Services Qualification System) is a community of financial institutions including banks, building societies, insurance companies and investment services, collaborating to agree a single standard for managing the increasing complexity of third and fourth-party information needed to demonstrate compliance to regulators, policies and governance controls.

Learn more at https://hellios.com/fsqs/

Published at N/A

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo