Mape
Mape
All systems operational

Trust Center

How we protect your data

0

Data breaches since founding

< 72h

Breach notification commitment

100%

MFA coverage all systems

EU

Data residency

Compliance

MAPE builds AI agents that work with your data. That means we don't treat security as an afterthought. It's embedded in everything we do. From encryption to access control, from incident response to AI transparency.

Updated: March 2026

GDPR Compliant

Compliant

Record of Processing Activities maintained, data processing agreements with clients, 72-hour breach notification obligation, data subject rights ensured.

View Privacy Policy

EU AI Act Compliant

Compliant

AI System Register maintained with risk classification per system, no high-risk or prohibited AI applications.

View Responsible AI

How we protect your data

Security is built into every part of how we work.

Updated: March 2026

Encryption

  • All data encrypted in transit (TLS/HTTPS) and at rest (AES-256)
  • Credentials stored in encrypted password manager, never in code

Access Control

  • Multi-factor authentication required on all platforms
  • Every team member and every agent gets access only to what's needed

Vulnerability Management

  • Periodic security scans for vulnerabilities and leaked credentials
  • Findings are addressed and verified immediately

Incident Response

  • Documented incident response plan with clear responsibilities
  • Data breach notification: within 72 hours to the Dutch Data Protection Authority

Responsible AI

  • Every AI agent operates under human oversight, no autonomous decisions on critical actions
  • All AI systems documented and classified per EU AI Act

Business Continuity

  • Daily backups with version control and recovery capability
  • Credentials centrally managed and periodically rotated for fast recovery after incidents

Data & Infrastructure

Updated: March 2026

EU Data Processing

  • Client databases hosted in EU-Frankfurt
  • Email and business data processed within EU data centers

Backups

  • Automatic version control on all files
  • Daily database backups

AI Processing

  • Client data is not used for model training
  • Prompts and outputs are not stored after processing

Data Isolation

  • Each client project has its own isolated environment
  • No shared databases between clients

Data & Sub-processors

Updated: March 2026

MAPE works with carefully selected sub-processors for AI processing, cloud infrastructure, business tools, and security. All sub-processors outside the EU are bound by Standard Contractual Clauses (SCCs). Our complete sub-processor list with certifications and data locations is available on request.

security@mapemedia.com

Our clients trust us with their data and processes. We take that trust seriously. Security is not an afterthought at MAPE, it is the foundation everything is built on.

Mats de Winter

Operations & Finance Director, MAPE

Policy Documents

Updated: April 2026

Public documents

Privacy Policy
Cookie Policy
Responsible AI Statement

Documents on request

Frequently Asked Questions

Yes. We maintain a Record of Processing Activities, sign data processing agreements with clients, adhere to a 72-hour breach notification obligation, and ensure data subject rights. See our Privacy Policy for more information.

We maintain an AI System Register in which every AI system is classified by risk. None of our systems fall into the high-risk or unacceptable category. See our Responsible AI page.

No. Client data is never used for training AI models. Prompts and outputs are not stored by our AI providers after processing.

We work with leading AI providers. None of these providers store client data or use it for model training. More details are available on request via security@mapemedia.com.

Client data is stored in EU data centers. Where data is processed outside the EU, Standard Contractual Clauses (SCCs) apply. Our complete sub-processor list is available on request via security@mapemedia.com.

Yes. We have a documented incident response plan. In the event of a data breach, we report it within 72 hours to the Dutch Data Protection Authority and inform affected clients directly.

Yes. Our public documents (privacy policy, cookie policy, responsible AI) are directly available. Other documents are available on request via security@mapemedia.com.

We comply with the GDPR and the EU AI Act. ISO 27001 and ISO 42001 certifications are on our roadmap and will be pursued as we grow.

Security questions?

Contact our security team for questions about security, data privacy, or to report a vulnerability.

security@mapemedia.com

© 2026 MAPE Consultancy (MAPE Media VOF) · KvK: 86736159 · Last updated: April 2026

Trust Center - Beveiliging & Compliance | MAPE Media | Mape