MariaDB Trust

At the core of MariaDB is our ability to deliver a secure and scalable service that protects the confidentiality, integrity and availability of our customers’ data.

Security is included at all levels of our technology and operations. Our commitment is to invest in the technology, people and processes that ensure our offerings are safe, secure and private.

Security

MariaDB utilizes an end-to-end security strategy that enables us to deliver a world-class service while protecting customer data. Below are some of the major controls we leverage to secure our cloud service infrastructure:

Access Control and Monitoring

MariaDB teams must go through a centralized authentication process requiring multi-factor authentication (MFA) in order to perform maintenance and support operations on behalf of customers.

On-prem hosted versions of MariaDB Enterprise Server can be hardened by following the best practices and the PCI and STIG documentation available in MariaDB's documentation resources.

Infrastructure and Network Isolation

MariaDB Managed Database (MMD) is hosted on service providers (Google Cloud Platform (GCP), Amazon Web Services (AWS) and Microsoft Azure), which operate data centers in accordance with security best practices. MMD database access is restricted, through firewall rules, to cloud-native private network connections and customer-requested allowlisted IP addresses, and connections are encrypted.

MariaDB Enterprise Server includes replication and clustering for high availability (HA), as well as the MariaDB MaxScale database proxy to enable automatic failover.

Secure Development Life Cycle (SDLC)

MariaDB employs a secure-by-design philosophy, building security into our products before any code is written. Strict security and quality gates are applied at every step of our development life cycle, from design to coding, testing and deployment.

MariaDB Enterprise Server undergoes an extensive and comprehensive quality assurance process to ensure reliability for production deployments. In addition, critical features and bug fixes from later releases are backported to ensure long-term stability and support.

Customer Data Protection

MariaDB utilizes state-of-the-art encryption technology to protect customer data both at rest and in transit. Where customer data is hosted by MariaDB, data at rest is encrypted on storage volumes using the Advanced Encryption Standard (AES) algorithm with a 256-bit key length, and all network traffic is encrypted using Transport Layer Security (TLS).

MariaDB Enterprise Server’s storage engine can encrypt data before writes and decrypt data during reads, ensuring that the data is unencrypted only when accessed directly through the server.
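The two paragraphs above describe the controls at a high level. As an added illustration, not part of the original page and not a description of how MariaDB Managed Database is actually configured, the following option-file fragment shows how a self-managed MariaDB Server is typically configured for both of them: TLS on client connections (encryption in transit) and storage-engine encryption of tablespaces, logs and temporary files (encryption at rest) using a 256-bit AES key. All file paths and the key file are placeholders; the option names are standard MariaDB Server variables.

```ini
# Added example (not from the MariaDB Trust page): hardening fragment for a
# self-managed MariaDB Server. Paths below are placeholders.
[mariadb]

# Encryption in transit: present a server certificate, allow only modern TLS
# versions and refuse plaintext TCP connections.
# (require_secure_transport is available from MariaDB 10.5.)
ssl_ca   = /etc/mysql/ssl/ca.pem
ssl_cert = /etc/mysql/ssl/server-cert.pem
ssl_key  = /etc/mysql/ssl/server-key.pem
tls_version = TLSv1.2,TLSv1.3
require_secure_transport = ON

# Encryption at rest: load an encryption key-management plugin so the storage
# engine encrypts pages before they are written and decrypts them on read.
# file_key_management is the simplest plugin; it reads keys from a local file
# whose lines have the form "<key_id>;<hex key>". A 256-bit AES key is 64 hex
# characters. The file must be readable only by the server user; production
# deployments usually prefer a KMS/HSM-backed plugin so the key does not sit
# on disk beside the data it protects.
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/keys/keyfile.txt
file_key_management_encryption_algorithm = AES_CTR

# FORCE: every InnoDB table is encrypted and CREATE TABLE ... ENCRYPTED=NO
# is rejected, so no table can silently opt out.
innodb_encrypt_tables = FORCE
# Redo log, and background threads that encrypt pre-existing tablespaces.
innodb_encrypt_log = ON
innodb_encryption_threads = 4
# Binary/relay logs, on-disk temporary tables and temporary files (sort
# buffers, binlog cache) would otherwise leak row data in plaintext.
encrypt_binlog = ON
encrypt_tmp_disk_tables = ON
encrypt_tmp_files = ON
# The Aria engine backs internal temporary tables.
aria_encrypt_tables = ON
```

After a restart, a defender can confirm the at-rest control from a client session with `SELECT NAME, ENCRYPTION_SCHEME, MIN_KEY_VERSION FROM information_schema.INNODB_TABLESPACES_ENCRYPTION;` (every tablespace should show a non-zero scheme and key version) and the in-transit control with `SHOW STATUS LIKE 'Ssl_cipher';`, which is empty on an unencrypted session. The design choice worth noting is `innodb_encrypt_tables = FORCE` rather than `ON`: with `ON`, a developer can still create an unencrypted table, which is exactly the gap an auditor will look for.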

Reporting a Security Concern

For details on reporting a security concern, see our vulnerability reporting procedures.

Compliance

MariaDB is committed to safeguarding the privacy and security of our customers. This includes a robust compliance program that carefully considers data protection matters, including ISO 27001, GDPR and HIPAA requirements. MariaDB operates in accordance with the following compliance requirements:

ISO/IEC 27001:2013

MariaDB has established and maintains an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2013 certification standard for MariaDB Managed Database, MariaDB ID and Remote DBA systems.

ISO/IEC 27001:2013 is a globally recognized standard for the establishment and certification of an Information Security Management System (ISMS). The standard specifies the requirements for the implementation of a continuous security program with adequate and proportionate security controls.

MariaDB’s third party ISO Certification was performed by A-LIGN and is available for download here.

SOC 2 Type II

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability and confidentiality.

MariaDB has achieved SOC 2 Type II, which measures the effectiveness of policies and procedures as operated over a period of six months. A-LIGN performs the MariaDB SOC 2 Type II audit on an annual basis.

HIPAA

MariaDB enables customers that are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use MMD to process, maintain and store protected health information (PHI).

HIPAA provides federal data privacy and security safeguards for PHI. It applies to organizations that are HIPAA “covered entities,” including healthcare providers, health plans and healthcare clearinghouses.

The HIPAA requirements also extend to “business associates,” or businesses that work with the covered entities to create, receive, maintain or transmit PHI. Business associates are required to enter into a Business Associate Addendum (BAA) with covered entities to ensure that PHI is adequately protected. Under the HIPAA regulations, MariaDB and other database service providers are considered business associates.

To begin the process of entering into a BAA with MariaDB for MMD, please speak to your sales representative or contact us at legal@mariadb.com.

Please note that each customer is responsible for independently evaluating its own use of MariaDB’s services as appropriate to support its legal and compliance obligations. There is no certification recognized by the U.S. Department of Health and Human Services for HIPAA compliance, and complying with HIPAA is a shared responsibility between the customer and MariaDB.

GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. We are committed to our customers’ success, including supporting their GDPR compliance efforts. Additional information can be found in our Privacy Policy and GDPR FAQ.

Data Processing Addendum

MariaDB offers the MariaDB Data Processing Addendum (DPA) as a means of meeting GDPR adequacy and security requirements. Please consider signing the DPA and emailing the signed copy to legal@mariadb.com.

Subprocessors

MariaDB owns and controls logical access, as applicable, to the infrastructure and services maintained by the subprocessors set forth below, while such subprocessors maintain the physical security of their respective servers, networks and data centers. Please consider opting in to receive an email notification upon changes to our subprocessors via the form below.

Depending on your selection and use of MariaDB products and services, one or more subprocessors may be relevant to the processing of your data.

MariaDB Managed Database

Subprocessor | Activity | Location/HQ
Amazon Web Services, Inc., 410 Terry Avenue Seattle, WA 98109-5210 USA | IaaS | Agreed in an order form
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA | IaaS | Agreed in an order form
Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399 USA | IaaS | Agreed in an order form
Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107 USA | Application Security | USA
Elasticsearch, Inc., 800 West El Camino Real, Suite 350, Mountain View, CA 94040, USA | Logging and Monitoring | USA
Lacework, Inc., 391 San Antonio Road, Floor 3, Mountain View, CA 94040, USA | Security and Compliance | USA
Zendesk, Inc., 1019 Market Street, San Francisco, California 94103 USA | Customer Support | USA

MariaDB Technical Support and Maintenance Services

Third-party subprocessors

Subprocessor | Activity | Location
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA | IaaS | USA, unless otherwise agreed in an order form
Zendesk, Inc., 1019 Market Street, San Francisco, California 94103 USA | Customer support | USA

Subprocessors that help perform our business service functions

Subprocessor | Activity | Location
Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA | Communication/Collaboration | USA
Zoom Video Communications, Inc., 55 Almaden Blvd Ste 600 San Jose, CA, 95113-1612 USA | Video and audio conferencing | USA
AgileBits Inc., 4711 Yonge Street, 10th Floor, Toronto, Ontario, M2N 6K8, Canada | Password Manager | Canada, USA

MariaDB affiliates

Depending on the specifics of your support request, on a case-by-case basis, one or several MariaDB affiliates may be involved in delivering technical support and maintenance services, including, where applicable, Remote DBA. MariaDB is a global organization and works with the following affiliates; for further information on location specifics, reach out to your MariaDB sales team.

MariaDB Affiliates
MariaDB Bulgaria EOOD, 35 Ul. Trakia str. R-N OBORISHTE DISTR., FLOOR 6 1504 Sofia, Bulgaria
MariaDB plc, Finnish Branch, Tekniikantie 12, 02150 Espoo, Finland
MariaDB UK LTD, St Stephens House, Arthur Road, Windsor, Berkshire, England, SL4 1RU
MariaDB USA, Inc., 1900 McCarthy Blvd. Suite 301, Milpitas, CA 95035, USA

* The exact service locations can be agreed upon as further described in the Geographical Restrictions section in MariaDB Subscription Services Policy.

Subscribe to be notified of any subprocessor changes