Security First
Maia handles sensitive business data and credentials. Security and privacy are fundamental to every aspect of the platform.
Your data is your data. Maia processes it only as needed for your workflows and never uses it to train AI models or shares it with third parties.
Data Handling Principles
1. Isolation
Your data is completely isolated:
- Each account operates in a separate, encrypted environment
- No data leakage between customers
- Even ModularMind staff cannot access your data without explicit permission
2. Transient Processing
Data is not stored permanently:
- AI models process data in memory during workflow execution
- Only results are stored in your workspace
- Unless you explicitly ask Maia to send it to an external database, processed data is discarded after execution
3. No Training Data
When Maia uses GPTs, Claude, or Gemini:
- Data is sent to these services for processing
- Maia uses enterprise agreements with these providers that prohibit training on customer data
- Your workflows and data remain confidential
Credential Security
Browser Session Storage
Maia’s “Secure Browser” capability uses air-gapped credentials:
1. You Log In
You authenticate to a website (e.g., Gmail, LinkedIn) in a secure browser session
2. Session Stored
The session cookies (not your password) are encrypted and stored
Encryption: AES-256 encryption at rest
3. Maia Uses Session
When workflows need access, Maia uses the stored session
AI Model Sees: Only the rendered screen (visual pixels)
AI Model Does NOT See: Cookies, passwords, authentication tokens
4. You Control
You can revoke stored sessions anytime from your Maia settings
OAuth Tokens
When you authorize Maia to access services:
- Standard OAuth 2.0 flow (same as “Login with Google”)
- Tokens stored encrypted
- Automatic refresh when tokens expire
- Revocable from service provider
Network Security
Infrastructure
Maia runs on enterprise-grade infrastructure:
- AWS / GCP: Industry-leading cloud providers
- Private VPCs: Isolated network environments
- Firewalls: Restrict access to authorized traffic only
- DDoS Protection: Provider-level protection
Privacy & Compliance
GDPR Compliance
For EU customers:
✅ Right to Access: Download all your data
✅ Right to Erasure: Delete all data on request
✅ Data Portability: Export in standard formats
✅ Consent Management: Clear consent for data processing
✅ Data Processing Agreement: Available for enterprise customers
Incident Response
Monitoring
Maia’s security team monitors for:
- Unauthorized access attempts
- Unusual API activity
- Data exfiltration attempts
- Service disruptions
Breach Notification
In the unlikely event of a security breach:
1. Detection
Automated systems + security team identify issue
2. Containment
Immediate action to stop unauthorized access
3. Notification
Affected customers notified within 72 hours
Email includes:
- What happened
- What data was affected
- What we’re doing about it
- What you should do
4. Remediation
Fix vulnerability, enhance security
5. Post-Mortem
Public transparency report (if appropriate)
Trust Center
For more security information:
- Privacy Policy: How we handle your data
- Terms of Service: Legal agreement