Security & Data Handling
Last updated: February 12, 2026
This page provides a non-technical overview of how Madrona approaches security and data handling. It is intended to support vendor assessment and procurement review processes. For binding commitments, please refer to our Terms of Service and Privacy Policy.
Infrastructure
Madrona is hosted on Amazon Web Services (AWS). We use AWS-managed services for compute, storage, database, search, authentication, and background processing. Our infrastructure includes:
- Managed PostgreSQL database with automated backups and point-in-time recovery.
- Object storage (AWS S3) for media assets and file uploads.
- OpenSearch for full-text search and faceted filtering.
- Background workers for media processing, data pipelines, and scheduled tasks.
- Automated health checks and recovery procedures.
Encryption
- In transit: All data is encrypted via TLS between the user's browser and our servers. Internal service communication also uses encrypted channels.
- At rest: Database and file storage are encrypted using AWS-managed AES-256 encryption keys.
Authentication and Access Control
- Authentication is managed by AWS Cognito, with support for multi-factor authentication (MFA).
- Role-based access control with granular permissions at the field level. Administrators define who can view, edit, or approve changes to specific data.
- Session management uses token-based authentication with configurable timeouts.
Audit Logging
Every data change within the platform is recorded with:
- The identity of the user who made the change.
- A timestamp.
- Before and after values for each modified field.
Audit records cannot be modified through the application layer and can be exported for review. Audit logging is designed to support institutional accountability and governance requirements.
Multi-Tenant Architecture
Madrona uses a multi-tenant architecture with row-level security. Each customer organization's data is logically isolated within the shared infrastructure. Access controls enforce tenant boundaries at the application and database layers.
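As an added illustration of the row-level security pattern described above (not Madrona's own schema; the table, column and role names are assumptions), this is how a PostgreSQL policy binds every row to the tenant that the application sets for the current transaction, so the database enforces the tenant boundary even if an application query omits its WHERE clause:

```sql
-- Added example: tenant isolation with PostgreSQL row-level security (RLS).
-- Table, column and role names are assumptions, not Madrona's schema.

CREATE ROLE app_user NOLOGIN;   -- role the application connects as; must not be the
                                -- table owner, a superuser, or a BYPASSRLS role

CREATE TABLE collection_items (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    title      text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON collection_items TO app_user;

-- Enable RLS. FORCE makes the policy apply to the table owner as well, so a
-- migration or maintenance session cannot silently read across tenants.
ALTER TABLE collection_items ENABLE ROW LEVEL SECURITY;
ALTER TABLE collection_items FORCE ROW LEVEL SECURITY;

-- One policy covers reads (USING) and writes (WITH CHECK): a row is visible or
-- writable only when its tenant_id equals the tenant bound to this transaction.
-- current_setting(..., true) returns NULL when the setting was never set, so a
-- request that forgot to bind a tenant sees nothing and can insert nothing:
-- the policy fails closed rather than open.
CREATE POLICY tenant_isolation ON collection_items
    TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Application layer: after authenticating the user and resolving their tenant,
-- bind the tenant to the transaction. SET LOCAL lasts only until COMMIT/ROLLBACK,
-- so a pooled connection does not carry one tenant's context into the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed id
SELECT id, title FROM collection_items;   -- returns only this tenant's rows
COMMIT;

-- A write that targets another tenant is rejected by the WITH CHECK clause:
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO collection_items (tenant_id, title)
VALUES ('22222222-2222-2222-2222-222222222222', 'wrong tenant');
-- ERROR:  new row violates row-level security policy for table "collection_items"
ROLLBACK;
```

The application's own tenant check remains the first boundary; the policy is the second, database-layer boundary that catches a query or code path the first one missed.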
Backups and Recovery
- Automated database backups with point-in-time recovery.
- Backup data is stored separately from production data.
- We periodically test recovery procedures to verify backup integrity.
Data Portability
Customers can export their data in standard formats at any time:
- JSON - structured data export.
- CSV - tabular data for spreadsheet tools.
- JSON-LD - linked data export suitable for interoperability and CIDOC-CRM mapping.
Upon subscription termination, Customer Content remains available for export for thirty (30) days.
Data Sovereignty
Customers can choose where their media files are stored and how they are served.
- Bring your own storage - Connect your own S3, Azure Blob Storage, Google Cloud Storage, or MinIO bucket. Media files are stored directly in infrastructure you control.
- Region selection - Choose the AWS region where your managed data is stored. Available regions include US, Canada, Europe, and Asia-Pacific.
- Managed migration - Migrate existing media to your own bucket with incremental transfers, parallel processing, and integrity verification.
- Custom CDN - Serve media through your own CDN domain with signing key support for access control.
Incident Response
In the event of a security incident that materially affects Customer Content, we will:
- Notify the affected customer promptly and without undue delay.
- Investigate the cause and scope of the incident.
- Take reasonable steps to contain and remediate the issue.
- Cooperate with the customer in any investigation as appropriate.
Vendor Assessments
We respond to security questionnaires and provide architecture documentation for procurement and vendor assessment processes. If you require documentation for your review, please contact us.
Questions about security? Contact us at info@madrona.app or visit our Security page for additional details.