Security and compliance at Make

Strict vulnerability management processes to identify and resolve threats. Regular penetration testing by independent third parties to ensure that our platform is safe and secure.

Robust access control measures. Our hosting environment is only accessible from the private network via VPN and does not support direct access from the public internet.

We support single sign-on authentication with Google, Facebook, and GitHub. Advanced role and team management functions within an organization's profile. Enterprise customers have the option to use their own SSO implementation. If you want to find out more: Talk to sales.

Our cluster is deployed over two zones to guarantee availability. Our infrastructure resides within Amazon AWS EC2 private instances (Amazon VPC) with Amazon Enterprise support in place. Learn more about AWS security here.

Our developers adhere to coding standards in accordance with the Open Web Application Security Project (OWASP). Static Application Security Testing (SAST) is also in place to improve Make’s Software Development Life Cycle (SDLC).

We are committed to protecting our customers' data and employ advanced security practices to keep data safe and secure. By default, log data is stored for 30 days. In our Enterprise Plan, we also offer the ability to store data for an extended period. If you want to find out more: Talk to sales.

Every connection between Make and a third-party service provider is established in the most secure available way. In some cases (e.g. FTP, databases), customers have the option to manually set the security level. We secure our network communication with TLS version 1.2 and 1.3 using AES 256 encryption.

All passwords are stored in an encrypted format and can’t be reproduced by anyone - not even Make employees. We use full-disk encryption within the industry-standard AES-256 encryption algorithm and AWS Key Management Service (KMS) for managing cryptographic keys.