Security & Trust

Built to clear your IT & Procurement bar

We take security seriously and have put security at the heart of our organization. We are audited annually by TÜV Nord and follow the ISO 27001:2022 Framework.
ISO 27001 Certified
GDPR Compliant

Governance

Makula's Security & Privacy team establishes policies and controls, monitors compliance with those controls, and proves our security to independent auditors.
Our policies are based on the following foundational principles:
01

Access should be limited to those with a legitimate business need, granted on the principle of least privilege.

02

Security controls should be implemented and layered according to the principle of defence-in-depth.

03

Security controls should be applied consistently across every part of the company — never bolted on after the fact.

04

Implementation can be iterative, maturing continuously toward greater effectiveness, increased auditability and reduced friction.

Security & Compliance

Makula is ISO 27001 certified by TÜV Nord and audited annually, and is fully GDPR compliant. Our ISO 27001 certificate, the standard DPA, the latest penetration test summary and our up-to-date subprocessor list are all available on our Trust Center.

Data Protection

Data at Rest

All customer data — including databases, file storage and backups — is encrypted at rest with AES-256. Sensitive fields receive additional field-level encryption on top of the storage-level layer.

This means data is encrypted before it ever lands in storage, so neither physical access nor logical access to the database is enough to read the most sensitive information.

Data in Transit

Makula uses TLS 1.2 or higher everywhere data is transmitted over the network — web app, mobile app, API calls and integrations. We also enforce HSTS (HTTP Strict Transport Security) to prevent downgrade attacks.

Server TLS keys and certificates are managed by our hosting provider and rotated on a regular schedule; certificate pinning is in place where appropriate for mobile and high-trust API clients.
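The two controls named above (a TLS 1.2 floor and HSTS) can be checked mechanically. The following is an added example, not Makula's own code: it builds a client-side TLS context that refuses anything below TLS 1.2, and it evaluates a response's Strict-Transport-Security header against a minimum policy (header present, max-age at least one year, which is also the floor the browser preload lists require, and includeSubDomains set). The sample response headers are constructed for the example, not captured from any real host; the one-year threshold and the directive names follow RFC 6797.

```python
"""Added example: enforce a TLS 1.2 floor on a client and audit HSTS headers."""
import ssl
from typing import Dict, List, Optional


def make_tls_context() -> ssl.SSLContext:
    """Client context for API calls and integrations: TLS 1.2+ only,
    certificate verification and hostname checking on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 / 1.1 and SSLv3
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_enforces_tls12(ctx: ssl.SSLContext) -> bool:
    """True when the context cannot negotiate below TLS 1.2 and verifies peers."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
    )


def parse_hsts(header_value: str) -> Dict[str, Optional[str]]:
    """Split 'max-age=31536000; includeSubDomains; preload' into a
    directive map; directive names are case-insensitive per RFC 6797."""
    directives: Dict[str, Optional[str]] = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if value else None
    return directives


def evaluate_hsts(headers: Dict[str, str], min_max_age: int = 31536000) -> List[str]:
    """Return findings for the HSTS policy in a response; an empty list means
    the policy meets the minimum (header present, max-age >= min_max_age,
    includeSubDomains set so subdomains cannot be reached over plain HTTP)."""
    value = next(
        (v for k, v in headers.items() if k.lower() == "strict-transport-security"),
        None,
    )
    if value is None:
        return ["missing Strict-Transport-Security header"]

    findings: List[str] = []
    directives = parse_hsts(value)
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or not an integer")
    elif int(max_age) < min_max_age:
        findings.append(f"max-age {max_age} below minimum {min_max_age}")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains not set")
    return findings


# Constructed sample responses for this example (not captured from a real host).
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    "none": {"Content-Type": "text/html"},
    "short": {"strict-transport-security": "max-age=300"},
}


if __name__ == "__main__":
    print("TLS 1.2 floor enforced:", context_enforces_tls12(make_tls_context()))
    for name, headers in SAMPLE_RESPONSES.items():
        print(name, "->", evaluate_hsts(headers) or ["ok"])
```

HSTS only protects a browser that has already seen the header, which is why a long max-age and preload matter: a client on a hostile network that has never visited the site can still be held on plain HTTP until the first successful HTTPS response. For non-browser clients, the minimum_version setting on the context plays the equivalent role, since they do not honour HSTS at all.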

Secret Management

Encryption keys are managed via a hosted Key Management Service backed by Hardware Security Modules (HSMs), which prevents direct human access to the underlying key material — including by Makula engineers.

Application secrets are encrypted and stored in a managed secrets system; access is strictly scoped to specific service identities and is fully audit-logged.

Product Security

Penetration Testing

Makula engages an independent penetration testing firm at least annually to test the production application and core infrastructure. All areas of the Makula product and cloud infrastructure are in-scope for these assessments, and source code is fully available to the testers in order to maximise the effectiveness and coverage of every engagement.

Vulnerability Scanning

Makula runs vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):

Static analysis (SAST) testing of code during pull requests and on an ongoing basis.
Software composition analysis (SCA) to identify known vulnerabilities in our supply chain.
Malicious dependency scanning to prevent the introduction of malware into our supply chain.
Dynamic analysis (DAST) of running applications.
Network vulnerability scanning on a regular basis.
External attack surface management (EASM) continuously discovering new external-facing assets.
