
Security

heymaia® - Last updated: January 2026

How We Protect Your Project and Your Data

At heymaia®, we take the security of the information you entrust to us seriously. We don’t have corporate certifications or a 50-person security team, but we do implement real and conscious practices to protect your data, your code, and your credentials.

Here’s how we work.


1. Credentials Management

We don’t save your passwords in plain text, sticky notes, or browsers.

  • We use a professional password manager with end-to-end encryption
  • Each project has its credentials isolated and organized
  • When a project ends, we remove access from our records
  • We never share passwords through insecure channels (SMS, unencrypted email)

Recommendation: If you share access with us, do so through services like 1Password, Bitwarden, or temporary links. Avoid sending username and password in the same message.


2. Secure Connections

We work exclusively from protected connections.

  • We use a VPN for all work connections
  • We don’t access client projects from public networks (coffee shops, airports, etc.) without protection
  • File transfers are done through encrypted channels (SFTP, HTTPS)

3. Storage and Backups

Your files aren’t floating around in uncontrolled free services.

  • We have our own NAS server for project file storage
  • We maintain periodic backups of projects in development
  • Backups are on infrastructure we control, not just in public cloud
  • When a project is finished, we deliver a complete backup and subsequently delete our copies (according to agreed terms)

4. Own Infrastructure

We don’t exclusively depend on third parties for everything.

  • We operate private servers for development and testing
  • We use self-hosted tools whenever possible, which means:
    • Greater control over where data is
    • No dependency on third-party privacy policies
    • Less exposure to massive security breaches

This philosophy is also offered as a service for clients who want to have control over their own tools (see section 7).


5. Secure Development

We write code with security in mind from the start.

  • We follow secure development best practices (input validation, data sanitization, secure session handling)
  • We don’t store user passwords in plain text in the applications we develop
  • We use HTTPS/SSL on all web projects
  • We keep dependencies and libraries updated to avoid known vulnerabilities
  • Source code is maintained in private repositories with restricted access

6. Team Confidentiality

Everyone involved in your project is committed to confidentiality.

  • Our collaborators and subcontractors sign confidentiality agreements
  • Access to each project is limited only to the people working on it
  • We don’t share information from one client with another, even if the projects are similar or in the same industry

7. Service: Self-Hosted Infrastructure for Your Business

Are you concerned about where your data is? Do you want to stop depending on cloud services that change their terms or prices without notice?

We offer configuration and deployment of self-hosted services so your company has total control over its tools:

  • Project management: Alternatives to Trello, Asana, Monday
  • Cloud storage: Your own “Google Drive” or “Dropbox”
  • CRM and databases: No user limits or per-contact costs
  • Automation: n8n, Node-RED and other automation tools
  • Communications: Internal chat, video calls, email
  • Web analytics: Alternatives to Google Analytics with total privacy

Benefits:

  • Your data on your server, under your control
  • No recurring costs per user or storage (only hosting)
  • No surprise changes in terms of service
  • Simpler compliance with privacy regulations

Contact us to evaluate which tools you can migrate to your own infrastructure.


8. What We DON’T Do

Being transparent also means telling you what we don’t have:

  • We don’t have ISO 27001, SOC 2 or similar certifications. We’re a small agency with solid practices, not a corporation with a compliance department.
  • We don’t offer “absolute security” guarantees. Nobody can do that. What we do guarantee is that we take reasonable and conscious measures.
  • We don’t perform security audits or pentesting. If you need those services, we can refer you to specialists.

9. Vulnerability Reporting

If you discover a security vulnerability in any project developed by heymaia® or on our website, we ask that you report it responsibly before disclosing it publicly.

Contact for security reports: 📧 [email protected]
Subject: “Security report”

We appreciate any report and commit to:

  • Respond within a maximum of 72 hours
  • Investigate and fix confirmed vulnerabilities
  • Give you credit (if you wish) for the discovery

10. Frequently Asked Questions

Where do you store my project code?
In private repositories with restricted access. You won’t have access during development (see Terms and Conditions, clause 8.2), but upon completion and payment of the project you’ll receive the complete code.

What happens to my credentials when the project ends?
We delete them from our password manager. We recommend you change passwords for critical services once our relationship concludes.

Can I request that all my information be deleted?
Yes, you can exercise your right of cancellation according to our Privacy Policy. Keep in mind that we must retain some data to meet legal and tax obligations.

Do you use artificial intelligence? Is my data used to train models?
We use AI tools to accelerate development, but we don’t send confidential client data to AI services. Sensitive code and business information are handled locally or in tools where we have control over privacy.


Contact

Do you have questions about our security practices or want to know more about self-hosted services?

heymaia®

  • Email: [email protected]
  • Phone: +52 1 664 318 8306
  • Location: Tijuana, Baja California, Mexico
