← Home

Security Policy

Last Updated: February 23, 2026

Overview

MapleLink builds automation systems that handle sensitive business data. Lead contact details, booking information, and internal workflows. We take the security of that data seriously. This policy outlines the safeguards we put in place for every client engagement.

1. Infrastructure

  • Hosting: Client-facing websites are deployed on Vercel with automatic TLS (HTTPS) on every connection.
  • Automation Platform: Workflow engines run on isolated, access-controlled instances. Never shared across clients.
  • Databases: Production databases use encrypted connections (SSL/TLS) and are hosted on managed platforms with automatic backups.
  • DNS & Edge: Domain traffic is routed through providers that offer DDoS protection and edge caching by default.

2. Access Control

  • Least Privilege: Only the people who need access to a client's systems have it. Credentials are never shared in plain text.
  • Authentication: All internal tools and dashboards require authentication. Webhook endpoints use secret-based header authentication.
  • API Keys & Secrets: Stored in environment variables or encrypted credential stores. Never hard-coded in source files or committed to version control.

3. Data Handling

  • Data in Transit: All data transmitted between services uses TLS encryption.
  • Data at Rest: Databases and file storage use encryption at rest where supported by the hosting provider.
  • Data Retention: We retain client data only as long as needed to deliver the service. Upon contract termination, client data is deleted within 30 days unless otherwise agreed.
  • No Selling: We never sell, share, or monetise client data. Period.

4. Incident Response

In the event of a security incident affecting client data:

  • We will notify affected clients within 72 hours of confirmed discovery.
  • We will provide a clear description of what happened, what data was affected, and what steps we are taking.
  • We will implement remediation measures and share a post-incident summary.

5. Vulnerability Reporting

If you discover a security vulnerability in any MapleLink system, please report it responsibly by emailing hello@maplelinkservices.ca with the subject line "Security Report". We will acknowledge receipt within 48 hours and work to resolve confirmed issues promptly.

Questions

If you have questions about our security practices, contact us at hello@maplelinkservices.ca.