Data & Compliance
MadeIT Codes is built on a foundation of security, transparency, and architectural rigor. As a multi-SaaS ecosystem, we ensure that every application in our registry meets high security standards and complies with international data frameworks. This page outlines our technical safeguards, operational compliance, and security practices.
1. Infrastructure Security Controls
We deploy robust, multi-layered defenses to maintain high availability and prevent data leakage:
- Data Encryption: All traffic traversing the platform is encrypted in transit using industry-standard SSL/TLS cryptographic protocols. Core database files are encrypted at rest.
- Network Safeguards: Our production servers operate behind firewalls with intelligent intrusion detection, rate-limiting rules, and automated traffic filtering.
- Backups & Redundancy: We run automated daily database backups stored in isolated, geographically redundant environments to ensure disaster recovery capability.
2. GDPR Compliance
For individuals residing in the European Economic Area (EEA), we actively uphold the data protection principles defined by the General Data Protection Regulation (GDPR):
- Transparency & Consent: We collect only the data necessary to provide ecosystem services and explicitly detail our processing actions.
- User Sovereignty: You have the right to request access to, correction of, or permanent deletion of your stored user records.
- Data Portability: Users can request to export their contact and simulation records in structured JSON or CSV formats.
3. Specialized SaaS Regulatory Compliance
Certain products hosted in our registry process highly sensitive sector-specific data. We configure these modules to satisfy their respective regulatory frameworks:
- COPPA & FERPA (Educational Systems): Products in our ecosystem, such as SchoolsApp, conform to strict guidelines under the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), ensuring that student data is partitioned, never commercialized, and strictly managed under school district authorizations.
- Financial Standards: Any SaaS components handling payment subscriptions offload transactions to PCI-DSS compliant credit card processors. No raw banking or card records are stored directly in our primary databases.
4. Data Residency & Subprocessors
By default, our primary cloud services are deployed in secure data centers. When creating sub-accounts or deploying subdomains for isolated SaaS services (e.g., dedicated database instances for BuildLedger), we maintain clear separation policies to satisfy regional data residency requirements specified by enterprise clients.
5. Incident Response & Disclosure
In the event of a suspected security anomaly, we maintain an active Incident Response Protocol to contain, evaluate, and mitigate risks. Affected parties and governing authorities will be notified in accordance with local legal timelines. If you are a security researcher and have discovered a vulnerability on our platform, please report it privately through our contact system for rapid remediation.
6. Regulatory Requests
If you represent a compliance auditing body or wish to submit a formal Data Subject Access Request (DSAR), please use our contact page, selecting the appropriate compliance category.