Security built for cultural heritage data

Madrona is hosted on Amazon Web Services with encryption, access controls, and complete audit logging. We provide security documentation for procurement and vendor assessments.

Infrastructure

AWS hosted

Deployed on Amazon Web Services with automated health checks and recovery procedures.

Encryption in transit

All data encrypted via TLS between your browser and our servers.

Encryption at rest

Database and file storage encrypted via AWS-managed AES-256 encryption.

Automated backups

Database backups with point-in-time recovery. Stored separately from production data.

Search infrastructure

OpenSearch powers full-text search and faceted filtering across collections and media.

Background processing

Asynchronous workers handle media derivatives, data pipelines, and scheduled tasks.

Authentication & access controls

AWS Cognito authentication

User authentication managed by AWS Cognito with support for multi-factor authentication.

Role-based access control

Granular permissions at the field level. Define exactly who can view and edit what across the platform.

Audit logging

Every data change logged with user identity, timestamp, and before/after values. Audit records are restricted from modification in the application layer and can be exported.

Secure session handling

Token-based authentication with configurable session timeouts.

Data protection & portability

Data portability

Full data export in JSON, CSV, and JSON-LD formats. Your data is always yours.

Tenant isolation

Multi-tenant architecture with row-level security. Each organization's data is logically isolated.

Vendor assessments

We respond to security questionnaires and provide architecture documentation for procurement review.

Data sovereignty

Bring your own storage

Connect your own S3, Azure Blob Storage, Google Cloud Storage, or MinIO bucket. Media files are stored directly in infrastructure you control.

Region selection

Choose the AWS region where your managed data is stored. Available regions include US, Canada, Europe, and Asia-Pacific.

Managed migration

Migrate existing media to your own bucket with incremental transfers, parallel processing, and integrity verification.

Custom CDN

Serve media through your own CDN domain with signing key support for access control.

Questions about security?

We provide security documentation for procurement and vendor assessments. Reach out to discuss your requirements.