Security posture yang bisa dijelaskan ke buyer.
MaximaLabs menangani API keys, order, quota, dan usage. Halaman ini menjelaskan prinsip keamanan sementara sambil program cybersecurity/OpenAI diproses.
Current controls
- HTTPS on public domains.
- API key Bearer auth for model access.
- Payment verification before fulfillment.
- Admin/customer areas separated from public marketing pages.
- Daily DB backup for MaxAI customer data.
Operational stance
- No public credential sharing.
- Keys can be rotated/suspended if exposed.
- Abuse traffic can be blocked to protect capacity.
- Security improvements are tracked as product work, not decoration.
Cybersecurity program
MaximaLabs has submitted eligibility for OpenAI cybersecurity-related access. Once approved, security deliverables can be packaged into MaxAuto/MaxWeb assessments and internal hardening work.