Matterport is committed to upholding our customers’ trust in their data security. We demonstrate this by maintaining their data security, privacy, and availability within our systems. We continue to invest in enterprise-grade certification of our practices, showcasing our transparency and our commitment to the highest levels of Enterprise service.
Matterport uses the TLS protocol with 256-bit AES encryption to protect data in transit. User data, such as login credentials, is sent through encrypted public channels. All data is encrypted at rest within the databases. Encryption keys are stored separately and have restricted, administrator-only access.
Data center security
The Matterport infrastructure is hosted within Amazon’s AWS ecosystem. Matterport infrastructure was designed and engineered in line with AWS’ best practices as they pertain to security and availability. Matterport is an active member of the AWS APN (Amazon Partner Network) and leverages the many available network resources to ensure Matterport is aligned with industry best practices while providing a safe, scalable, and reliable computing platform.
Matterport offers single sign-on (SSO) through Security Assertion Markup Language (SAML) 2.0 for authentication to its cloud portal. We have successfully onboarded customers with PingID, Okta, OneLogin, Microsoft Azure, ADFS, and more as Identity Providers (IdPs).
Matterport's privacy incident response plan and escalation procedures ensure timely and effective handling and communications to all affected customers in the event of a confirmed data breach that may potentially expose their data. Matterport is in close contact with supervisory legal authorities to handle such cases.
SOC 2 Type II
The Matterport GRC program (Governance, Risk, and Compliance) is here to help meet your organization’s compliance needs. We undergo annual audits by an independent third party against SOC 2’s Trust Principles of Security, Availability, and Confidentiality.
System availability is monitored by multiple third-party applications and/or services. This information is published on https://status.matterport.com. Matterport publicly shares system availability information to transparently provide customers with operational visibility, earning and maintaining their trust.
Matterport designed redundancy and maximum availability into our network infrastructure. In the event of failure, all components for critical operation are configured for near-seamless transition and deployed such that customers are protected from major disruption in web, storage, network, and servers.
Matterport's critical servers are installed in AWS within each one region across all availability zones. If one of the data centers fails, the second data center is configured to take over all production tasks, guaranteeing minimal service disruption or capacity loss. In the event of a major disruption or disaster, Matterport's emergency response team will activate the disaster recovery plan.
Backup and restoration
Matterport maintains redundancy and backup processes for our service databases. In the unlikely event of massive server failure, a process for restoring the entire production system is in place. Mirrored data is protected in geographically disparate locations and configured to automatically become available if a primary database server fails.
Robust networking environment
Matterport's global network footprint enables us to serve customers across the world with the highest level of safety and speed.
Data can be restored to a point in time within 1 second of precision for the past 7 days. Data is stored with 99.999999999% durability and 99.99% availability of objects over a given year.
Privacy & Compliance
Compliance with Privacy Regulations
Matterport handles personal information with compliance in mind. Matterport's CIO ensures compliance with the privacy regulations and security standards it is subject to, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the United Kingdom’s Data Protection Act (2018) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Data Processing Addendum (“DPA”)
Matterport engages with first and third-party Sub-processors located in the United States and Australia to provide and operate our services. You can learn more about our Sub-processors here.
Technical and Organizational Measures
Matterport’s technical and organizational security measures are designed to prevent unauthorized access to personal data and to ensure the ongoing confidentiality, integrity, and availability of Matterport’s products and services. Detailed information regarding Matterport’s security measures can be found here.
Trust Center Package
Matterport is committed to providing customers with all relevant security documentation such that we can provide services as a trusted organizational partner for customers of all sizes. We have compiled the information within this package to address the most frequently asked questions and other security-related documentation. If you have additional questions, let us know!
The information contained in this Trust Package is provided for informational purposes only, and should not be construed as legal advice on any subject matter. No recipients of Matterport’s Trust Package, clients or otherwise, should act or refrain from acting on the basis of any content included in the Trust Package without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a licensed attorney. The content of Matterport’s Trust Center contains general information and may not reflect current legal developments, verdicts or settlements. Matterport expressly disclaims all liability in respect to actions taken or not taken based on any or all the contents of this Trust Center.