maiLane is built on a hardened, multi-tenant architecture with defense-in-depth controls, independent audits, and continuous monitoring — without slowing your team down.
TLS 1.3 in transit on every channel. AES-256 at rest across all storage layers. Optional customer-managed encryption keys via AWS KMS for Enterprise customers.
SAML 2.0 / OIDC SSO, SCIM 2.0 provisioning, passkeys, hardware-backed MFA, IP allowlisting, and granular session controls.
Workloads isolated per region in dedicated VPCs. Private network paths for storage and key management. Continuous vulnerability scanning.
SDLC with mandatory code review, dependency scanning, static analysis, and annual external penetration testing.
Every admin and user action emits a structured, tamper-evident event. Stream to your SIEM, S3 bucket, or Datadog in real time.
Pin customer data to EU or US regions. Region-locked processing for regulated workloads.
maiLane maintains an active compliance program reviewed by external auditors and updated continuously.
Annual audit covering security, availability, and confidentiality. Latest report available under NDA.
Information security management system certified by an accredited registrar.
Customers can sign our DPA online. EU data residency available for all plans.
BAA available on the Enterprise plan. Dedicated environment for regulated workloads.
Privacy program aligned with California consumer privacy regulations.
Security and privacy questionnaires returned within 5 business days for active prospects.
Real-time component health and a transparent incident log at status.mailane.net.
We welcome reports from independent researchers. Encrypted reports to security@mailane.net (PGP key on request) receive an acknowledgement within 24 hours.