Our customers entrust us to keep their data secure, and we take this seriously. This page gives an overview of the security practices we follow at Mayday.
Hosting
Our service runs entirely on the Amazon Web Services (AWS) platform, which allows us to ensure the application is secure, reliable, and scalable. Mayday uses AWS's London region, so all data storage and processing occurs within the UK. AWS are certified and compliant with thousands of global compliance programs. See the AWS security page for more information.
Encryption
All data is encrypted at rest using AES-256 when stored in Mayday's servers, and all data is encrypted in transit using at least TLS 1.2. All our web traffic, both in your browser and to our servers, is protected by SSL.
API Security Audits
We undergo regular audits by Xero to ensure that our platform meets the standards of security required of an approved application provider.
User Accounts
Users log in to Mayday via Xero, which requires two-factor authentication to complete.
You can invite other users to collaborate with you in Mayday. This is done using the email address that user logs in to Xero with, and so will be subject to the same two-factor authentication requirements.
Data
Your data is owned by you. We fetch the data required to run Mayday's systems from your accounting platform and store that on our databases. The data remains on AWS servers and within AWS security zones at all times. All data is backed-up regularly and stored securely within AWS.
When you cancel your subscription and your final billing period is complete, all data will be deleted.
Some of our staff have limited access to your data in order to provide support. The data is only accessible via secure login with two-factor authentication via Xero. Your data is never shared with any third parties.
Your credit card and billing info is transmitted and stored securely with our third part billing provider, Paddle.
Privacy
Your privacy and the integrity of your data is important to us. For more information on privacy see our Privacy Policy.