Security and Data Privacy.

Trust Center | Privacy & Compliance | Trust Center Package

Trust Center

Matterport is committed to upholding our customers’ trust in their data security. We demonstrate this by maintaining their data security, privacy, and availability within our systems. We continue to invest in enterprise-grade certification of our practices, showcasing our transparency and that we're committed to the highest levels of Enterprise service.

Security

Encryption

Matterport uses TLS protocol with 256-bit AES encryption to protect data in transit. User data, such as login credentials, is sent through encrypted public channels. All data is encrypted at rest within the databases. Encryption keys are stored separately, and have restricted, administrator-only access.

Data center security

The Matterport infrastructure is hosted within Amazon’s AWS ecosystem. Matterport infrastructure was designed and engineered inline with AWS’ best practices as they pertain to security and availability. Matterport is an active member of the AWS APN, (Amazon Partner Network), and leverages the many available network resources to ensure Matterport is aligned with industry best practices while providing a safe, scalable, and reliable computing platform.

SSO

Matterport offers single sign-on (SSO) through Security Assertion Markup Language (SAML) 2.0 to authenticate its cloud portal. We have successfully onboarded customers with PingID, Okta, OneLogin, Microsoft Azure, ADFS, and more as Identity Providers (IdPs).

Incident response

Matterport's privacy incident response plan and escalation procedures ensure timely and effective handling and communications to all affected customers in the event of a confirmed data breach that may potentially expose their data. Matterport is in close contact with supervisory legal authorities to handle such cases.

SOC 2 Type II

The Matterport GRC program (Governance, Risk, and Compliance) is here to help meet your organization’s compliance needs. We undergo independent third-party, annual audits against SOC2’s Trust Principles of Security, Availability and Confidentiality.

Availability

System Status

System availability is monitored by multiple 3rd party applications and/or services. This information is published on https://status.matterport.com. Matterport publicly shares system availability information to transparently provide customers with operational visibility, earning and maintaining their trust.

Redundancy

Matterport designed redundancy and maximum availability into our network infrastructure. In the event of failure, All components for critical operation are configured for near-seamless transition, and deployed such that customers are protected from major disruption in web, storage, network and servers.

Disaster recovery

Matterport's critical servers are installed in AWS within each one region across all availability zones. If one of the data centers fails, the second data center is configured to take over all production tasks, guaranteeing minimal service disruption or capacity loss. In the event of a major disruption or disaster, Matterport's emergency response team will activate the disaster recovery plan.

Backup and restoration

Matterport maintains redundancy and backup processes for our service databases. In the unlikely event of massive server failure, restoration of the entire production system is in place. Mirrored data is protected in geographically disparate locations and configured to automatically come available if a primary database server fails.

Robust networking environment

Matterport's global network footprint enables us to serve customers across the world with the highest level of safety and speed.

Data reliability

Data can be restored to a point-in-time within 1 second of precision for the past 7 days. Data is stored with 99.999999999% durability and 99.99% availability of objects over a given year.

Privacy and Compliance

Matterport's privacy program is designed to respond to today’s applicable privacy rules and regulations and takes into account many of the world’s major data protection regimes. Matterport’s formal, documented, and governed data privacy program is designed to secure and protect the data entrusted to us by our customers and ensure our customers’ right to privacy is respected. Our privacy program ensures that all data is collected, accessed, stored, and processed in an acceptable and compliant manner. Read our Privacy Policy here.

Compliance with Privacy Regulations

Matterport handles personal information with compliance in mind. Matterport's CIO ensures compliance with the privacy regulations and security standards it is subject to, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the United Kingdom’s Data Protection Act (2018) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

Data Processing Addendum ("DPA")

In addition to maintaining Matterport’s Terms of Use and Privacy Policy designed to support and adapt to changing regulatory requirements and industry standard practices, Matterport is pleased to offer a comprehensive Data Processing Addendum (DPA). Our DPA is designed to meet the requirements of applicable data privacy laws and regulations, including the CCPA, GDPR, UK GDPR and PIPEDA. Learn more and get a copy of our DPA here.

Sub-processors

Matterport engages with first and third-party Sub-processors located in the United States and Australia to provide and operate our services. You can learn more about our Sub-processors here.

Technical and Organizational Measures

Matterport’s technical and organizational security measures are designed to prevent the unauthorized access to personal data, and to ensure the ongoing confidentiality, integrity, and availability of Matterport’s products and services. Detailed information regarding Matterport’s security measures can be found here.

Cookies

Learn more about how we use Cookies.

Trust Center Package

Matterport is committed to providing customers with all relevant security documentation such that we can provide services as a trusted organizational partner for customers of all sizes. We have compiled the information within this package to address the most frequently asked questions and other security-related documentation. If you have additional questions, let us know!

Download our Trust Package:

The information contained in this Trust Package is provided for informational purposes only, and should not be construed as legal advice on any subject matter. No recipients of Matterport’s Trust Package, clients or otherwise, should act or refrain from acting on the basis of any content included in the Trust Package without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a licensed attorney. The content of Matterport’s Trust Center contains general information and may not reflect current legal developments, verdicts or settlements. Matterport expressly disclaims all liability in respect to actions taken or not taken based on any or all the contents of this Trust Center.