Yes — data security is a core principle at Macha. We apply industry-standard encryption across all layers of our platform to protect your information at rest and in transit.
Encryption at Rest
Sensitive data stored by Macha is encrypted using:
-
AES-256-GCM, a highly secure and modern encryption standard
-
Field-level encryption, meaning each sensitive field (e.g., agent responses, email addresses) is encrypted individually
-
Salted key derivation (scrypt) for managing and securing encryption keys
This ensures that even if data is accessed maliciously, it remains unreadable without the proper decryption keys — which are stored and managed separately.
Encryption in Transit
All communication between systems is protected using:
-
TLS 1.2 or higher for secure data transfer
-
Encrypted connections between browser clients, Supabase, MongoDB, OpenAI, and other services
This means your data is protected not just at rest, but also when it moves through the network.
Additional Protections
-
PII Redaction: Personally Identifiable Information (like agent emails or customer references) is redacted where possible.
-
Separation of Encryption Keys: Keys are never stored with the encrypted data itself.
-
Minimal Storage: Sensitive data is only stored when absolutely necessary, and deleted after the retention period.
Summary Table
| Protection Layer | Method |
|---|---|
| Encryption at Rest | AES-256-GCM + field-level encryption |
| Encryption in Transit | TLS 1.2+ across all services |
| PII Redaction | Redacted and encrypted wherever needed |
| Key Management | Salted derivation, keys stored separately |
Still Have Questions?
If you’d like more technical detail or need our Security Overview, contact us at support@getmacha.com.