Your data security is our top priority. Learn about our security practices and compliance certifications.
Enterprise-grade security for all users
TLS 1.3 encryption for all data in transit. AES-256 encryption for data at rest.
JWT-based authentication with secure refresh tokens. Optional SSO for Enterprise.
Hosted on secure cloud infrastructure with redundancy and automatic backups.
24/7 security monitoring with Sentry error tracking and automated alerts.
Role-based permissions. Team members only see projects they have access to.
Complete audit trails for Enterprise customers. Track all actions and changes.
Effective Date: December 1, 2025 | Last Updated: December 1, 2025
This Security Policy ("Policy") describes some of the security measures, controls, and practices implemented by Maveda LLC, doing business as Beacon and Beacon Accessibility ("Beacon," "we," "us," or "our"), to protect the confidentiality, integrity, and availability of data processed through our web accessibility testing platform (the "Service").
This Security Policy generally outlines our approach to information security and describes the technical, administrative, and physical safeguards we implement to protect customer data and maintain the security of our Service. This Policy applies to all aspects of our Service, including our web application, APIs, infrastructure, and operational processes.
This Security Policy complements and should be read in conjunction with:
Where this Security Policy addresses technical security measures, the Privacy Policy focuses on data protection practices and privacy rights, while the Terms of Service establish contractual obligations and limitations of liability.
Beacon is operated by:
Maveda LLC
Doing business as Beacon and Beacon Accessibility
P.O. Box 3267
Bloomington, IN 47401
United States
Our security program is built upon fundamental principles that guide all security decisions and implementations:
Defense in Depth:
We implement multiple layers of security controls to ensure that if one control fails, others remain in place to protect data and systems.
Least Privilege:
Access to systems and data is restricted to the minimum necessary for users to perform their designated functions.
Security by Design:
Security considerations are integrated into all phases of our development lifecycle, from initial design through deployment and maintenance.
Continuous Improvement:
We regularly assess and enhance our security posture through monitoring, testing, and incorporating industry best practices.
Beacon is committed to maintaining robust security controls appropriate for a SaaS platform handling accessibility testing data. We recognize that security is not a destination but an ongoing journey requiring constant vigilance, adaptation, and improvement. Our commitment includes:
Our Service infrastructure is hosted on enterprise-grade cloud platforms with robust physical and environmental security controls.
All data transmitted between clients and our Service is encrypted using industry-standard protocols. Data stored within our systems is protected using strong encryption.
We implement cryptographic controls in accordance with industry standards:
Vendor Access Management: No standing third-party access to production systems. Temporary access is granted only when necessary and sessions are supervised. We maintain a full audit trail of third-party activities and require non-disclosure agreements.
Real-Time Monitoring: Continuous monitoring of system health and security events incorporating automated alerts for suspicious activities. We conduct performance monitoring to detect anomalies and network traffic analysis for threat detection.
Notification Timeline: We will notify you as soon as practical and/or legally required.
Notification Methods: Emails will be sent to affected users' registered addresses, and we may also provide in-application notifications, a website security notice, or we may mail you if required.
Primary Security Contact: Should you experience a non-emergent cyber incident while utilizing our Platform, please email: security@beaconaccessibility.com, and include "URGENT" in the subject line. If you do not receive a response within 24 hours, please email support@beaconaccessibility.com.
Emergency Response: For active security incidents affecting multiple customers, we maintain 24/7 on-call procedures with defined escalation paths and response teams.
Responsible Disclosure: Should you discover a vulnerability with our Platform in accordance with ethical practices, please email to coordinate security@beaconaccessibility.com before making any disclosure regarding the same.
Security Questions: Email: support@beaconaccessibility.com and include "Security Question" in subject line.
Mailing Address: Maveda LLC, Attn: Security Team, P.O. Box 3267, Bloomington, IN 47401, United States.
Policy Review: This Policy is reviewed annually, at a minimum.
Customer Notification: Customers are provided a 30-day advance notice for material changes via Email notification to registered addresses and/or in-application notifications and/or Website posting of updated policy.
Material Changes Include: Significant changes to security controls, new data processing locations, changes to encryption standards, and modifications to incident response procedures.
Acceptance Requirements: Continued use of our Service constitutes acceptance of any and all Policy changes.
No Absolute Security: While we implement comprehensive security measures, no system can be absolutely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use information for improper purposes. Users acknowledge this inherent limitation of digital security.
Evolving Threat Landscape: Security threats continuously evolve, and we adapt our defenses accordingly. However, there may be periods where new threats emerge before countermeasures can be implemented. We commit to responding promptly to new threats as they are identified.
Provider Security: While we carefully select security-conscious providers, we cannot guarantee their security measures. Provider security incidents may affect our Service despite our best efforts.
Integration Security: Third-party integrations may have different security standards. Users should evaluate the security of any integrations they enable and understand the associated risks.
We encourage all users to familiarize themselves with this Security Policy and to contact us with any questions or concerns. Your security is our priority, and we welcome feedback on how we can better protect your data and improve our security posture.
For security-related inquiries, vulnerability reports, or concerns, please contact us at security@beaconaccessibility.com. For general support questions, please contact support@beaconaccessibility.com.
Thank you for trusting Beacon with your accessibility testing needs. We are committed to maintaining the highest standards of security to protect your data and ensure the reliable operation of our Service.
Maveda LLC, doing business as Beacon and Beacon Accessibility
© 2025 Maveda LLC. All rights reserved.
Security Policy Version 1.0
Effective Date: December 1, 2025 | Last Updated: December 1, 2025
We appreciate the security community's efforts to keep our platform safe. If you discover a security vulnerability, please report it responsibly.
Security researchers who report valid vulnerabilities will be acknowledged in our security hall of fame (with permission).
Our team is happy to answer questions about our security practices and compliance.
Contact Security Team