What mapsmcp.com does today to protect your data, what's on the roadmap, and how to report a vulnerability. Last updated: 2026-05-22.
workspace_private in a one-way operation that cannot be flipped to public by any subsequent code path.
list_admin_access_log MCP tool.
Postgres (with the PostGIS extension) on Supabase Pro, single region (US East). Supabase uses managed AES-256 encryption at rest and TLS 1.2+ for all client connections. Daily automated backups with point-in-time recovery on a 7-day window.
DigitalOcean Spaces (Amazon S3-compatible storage), NYC3 region. Used for caching upstream source archives (Census boundary file bundles, Census American Community Survey pulls, geocoder responses) and for the static-tile cache. AES-256 encryption at rest. No customer-uploaded dataset content is stored here — that lives exclusively in Postgres dataset_records rows.
Application logs are captured by DigitalOcean App Platform with 7-day retention. We log request method, path, status, latency, and workspace ID — never request bodies or response bodies (which could contain customer data).
Every API request resolves to exactly one workspace via the bearer token. Every database query against workspace-owned tables (datasets, reports, workspace shape collections, dataset_records, webhook_endpoints, etc.) filters on workspace_id at the application layer. There is no cross-workspace read path in any code path.
System shape collections (us-counties, us-states, us-cd119, us-tracts, us-zcta, us-school-unified, us-sldu, us-sldl) are globally readable. Customer-ingested shape collections (created via upload_shape_version or ingest_geojson) are workspace-scoped — only the creating workspace can read or render them.
Three tools enforce a one-way "this stays private" guarantee that protects against future code or UI bugs accidentally exposing data:
lock_dataset — once locked, the dataset cannot back a public report. Any create_report({ public: true }) referencing it is rejected.
lock_report — once locked, the report rejects any flip to public.
set_workspace_default_privacy_locked — sets a workspace-wide default: new datasets and reports are created with the privacy lock already set.
These are one-way. There is no unlock tool, by design — the audit trail you need to convince a compliance reviewer "this was always private" relies on the lock being uncircumventable.
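The following is an added illustration of how one-way locks of this kind are enforced in application code; it is not mapsmcp.com's implementation, and the class, method and field names (Workspace, set_report_public, privacy_locked, and so on) are assumptions. The point it makes is that every path that could make a resource public runs through one check, and the state change that path reads has no reverse transition, so a later feature that forgets the rule still cannot expose a locked dataset.

```python
"""One-way privacy locks: a model of the guarantee, not the product's code.
All names below are assumptions for illustration."""
from dataclasses import dataclass, field


class PrivacyLockError(Exception):
    """Raised when any code path tries to make a locked resource public."""


@dataclass
class Dataset:
    id: str
    privacy_locked: bool = False


@dataclass
class Report:
    id: str
    dataset_id: str
    public: bool = False
    privacy_locked: bool = False


@dataclass
class Workspace:
    id: str
    default_privacy_locked: bool = False
    datasets: dict = field(default_factory=dict)
    reports: dict = field(default_factory=dict)

    # One-way transitions. There is deliberately no unlock_* method anywhere.
    def lock_dataset(self, dataset_id: str) -> None:
        self.datasets[dataset_id].privacy_locked = True

    def lock_report(self, report_id: str) -> None:
        self.reports[report_id].privacy_locked = True

    def set_workspace_default_privacy_locked(self) -> None:
        self.default_privacy_locked = True

    # Creation paths inherit the workspace default.
    def create_dataset(self, dataset_id: str) -> Dataset:
        ds = Dataset(dataset_id, privacy_locked=self.default_privacy_locked)
        self.datasets[dataset_id] = ds
        return ds

    def create_report(self, report_id: str, dataset_id: str, public: bool = False) -> Report:
        ds = self.datasets[dataset_id]
        # Assumption: creating a report as public counts as a flip to public,
        # so a workspace whose default lock is set rejects it too.
        if public and (ds.privacy_locked or self.default_privacy_locked):
            raise PrivacyLockError(f"dataset {dataset_id} is privacy-locked")
        rpt = Report(report_id, dataset_id, public=public,
                     privacy_locked=self.default_privacy_locked)
        self.reports[report_id] = rpt
        return rpt

    # The single mutation path for visibility; every later feature uses it.
    def set_report_public(self, report_id: str, public: bool) -> Report:
        rpt = self.reports[report_id]
        ds = self.datasets[rpt.dataset_id]
        if public and (rpt.privacy_locked or ds.privacy_locked):
            raise PrivacyLockError(f"report {report_id} cannot be made public")
        rpt.public = public
        return rpt


def run_scenario() -> dict:
    """Exercise the three locks on a constructed sample workspace."""
    ws = Workspace("ws_example")
    out = {}
    ws.create_dataset("ds_locked")
    ws.lock_dataset("ds_locked")
    try:
        ws.create_report("r_public", "ds_locked", public=True)
        out["public_report_on_locked_dataset"] = "created"
    except PrivacyLockError:
        out["public_report_on_locked_dataset"] = "rejected"
    ws.create_dataset("ds_open")
    ws.create_report("r_locked", "ds_open")
    ws.lock_report("r_locked")
    try:
        ws.set_report_public("r_locked", True)
        out["flip_locked_report"] = "flipped"
    except PrivacyLockError:
        out["flip_locked_report"] = "rejected"
    ws.set_workspace_default_privacy_locked()
    ds2 = ws.create_dataset("ds_later")
    rpt2 = ws.create_report("r_later", "ds_later")
    out["defaults_locked"] = ds2.privacy_locked and rpt2.privacy_locked
    out["unlock_path_exists"] = any(n.startswith("unlock") for n in dir(ws))
    return out
```

Note that the check in set_report_public consults both the report's own lock and its dataset's lock, so locking a dataset after reports exist still prevents any of them from being flipped to public later.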
When a Maps MCP operator reads a resource in your workspace — for support, debugging, or any reason — the access is recorded with timestamp, operator ID, the resource accessed, and the reason. The full log is available to you at any time via list_admin_access_log from your workspace.
This is what "audit-logged admin reads" means in our context. It's not optional and it's not after-the-fact — the log is written before the resource is read.
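As an added example of the "log is written before the resource is read" property (not mapsmcp.com's code; WorkspaceStore, admin_read and the persist_log hook are assumptions), the read below is gated on the audit entry being durably written first, so an outage of the log store means no admin read happens rather than an unlogged one:

```python
"""Audit-logged admin reads: write the log entry, then read. Names are assumptions."""
import time
from dataclasses import dataclass, field
from typing import Any, Callable, List


@dataclass(frozen=True)
class AdminAccessEntry:
    ts: float
    operator_id: str
    resource: str
    reason: str


@dataclass
class WorkspaceStore:
    id: str
    resources: dict
    admin_access_log: list = field(default_factory=list)
    # Hook standing in for a durable write to the log store; tests can make it fail.
    persist_log: Callable[[AdminAccessEntry], None] = lambda entry: None

    def admin_read(self, operator_id: str, resource: str, reason: str) -> Any:
        if not reason.strip():
            raise ValueError("an access reason is required")
        entry = AdminAccessEntry(time.time(), operator_id, resource, reason)
        # Ordering is the whole point: persist first, read only if that succeeded.
        self.persist_log(entry)
        self.admin_access_log.append(entry)
        # A missing resource still leaves the attempt on record (KeyError after logging).
        return self.resources[resource]

    def list_admin_access_log(self) -> List[AdminAccessEntry]:
        """What the workspace owner sees: every operator read, with its reason."""
        return list(self.admin_access_log)


def simulate_log_outage() -> dict:
    """Constructed scenario: the log store is down, so the read must not happen."""
    def failing_persist(entry: AdminAccessEntry) -> None:
        raise IOError("audit log store unavailable")

    store = WorkspaceStore("ws_sample", {"dataset:ds_1": {"rows": 42}},
                           persist_log=failing_persist)
    try:
        store.admin_read("op_9", "dataset:ds_1", "debugging ingest")
        read_happened = True
    except IOError:
        read_happened = False
    return {"read_happened": read_happened,
            "entries": len(store.list_admin_access_log())}
```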
API keys are 32-byte random tokens shown to you once at workspace creation and stored bcrypt-hashed in the database. We cannot recover a lost key — issue a new one via create_child_workspace_key (or for the root workspace, contact support). Keys are scoped per workspace; a single workspace can hold multiple keys for rotation.
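An added example of the key lifecycle described above: a 32-byte random secret that is shown once, a salted slow hash at rest so the server cannot recover it, several live keys per workspace for rotation, and bearer-token resolution to exactly one workspace. This is not mapsmcp.com's code. The page says bcrypt; to run without a third-party package this example uses hashlib.pbkdf2_hmac as a stand-in, and the "mk_<key_id>_<secret>" token layout with a public key_id lookup handle is an assumption (a salted hash cannot be indexed directly, so some per-key identifier is needed).

```python
"""API key issue/verify/revoke model. All formats and names are assumptions;
pbkdf2_hmac stands in for bcrypt so the example has no external dependency."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

KEY_BYTES = 32             # 32-byte random token, as the page states
PBKDF2_ITERS = 50_000      # cost parameter for the stand-in slow hash
TOKEN_PREFIX = "mk"        # assumed token prefix, not the product's


def _hash_secret(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ITERS)


@dataclass
class StoredKey:
    key_id: str            # public lookup handle; never the secret itself
    salt: bytes
    digest: bytes
    workspace_id: str


@dataclass
class KeyStore:
    keys: dict = field(default_factory=dict)   # key_id -> StoredKey

    def issue_key(self, workspace_id: str) -> str:
        """Return the plaintext bearer token. This is the only time it exists."""
        secret = secrets.token_bytes(KEY_BYTES)
        key_id = secrets.token_hex(4)
        salt = secrets.token_bytes(16)
        self.keys[key_id] = StoredKey(key_id, salt, _hash_secret(secret, salt), workspace_id)
        return f"{TOKEN_PREFIX}_{key_id}_{secret.hex()}"

    def resolve_workspace(self, bearer: str) -> Optional[str]:
        """Map a bearer token to exactly one workspace, or None."""
        try:
            prefix, key_id, secret_hex = bearer.split("_", 2)
            secret = bytes.fromhex(secret_hex)
        except ValueError:
            return None
        if prefix != TOKEN_PREFIX or len(secret) != KEY_BYTES:
            return None
        rec = self.keys.get(key_id)
        if rec is None:
            return None
        # Constant-time comparison of the recomputed digest.
        if not hmac.compare_digest(_hash_secret(secret, rec.salt), rec.digest):
            return None
        return rec.workspace_id

    def revoke(self, key_id: str) -> bool:
        """Rotation: drop the old key once callers have moved to the new one."""
        return self.keys.pop(key_id, None) is not None

    def stores_plaintext(self, bearer: str) -> bool:
        """Sanity check: the secret must not be recoverable from what is stored."""
        secret_hex = bearer.split("_", 2)[2]
        return secret_hex.encode() in repr(self.keys).encode() or \
            bytes.fromhex(secret_hex) in b"".join(k.digest for k in self.keys.values())
```

Rotation follows from the model: issue a second key for the same workspace, switch callers over, then revoke the first; at no point does the server hold a plaintext it could hand back.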
Every outbound webhook POST is signed with HMAC-SHA256 in the x-mapsmcp-signature header (Stripe-compatible format: t=<unix>,v1=<hex>). Verification examples are in the embed docs. Reject deliveries where |now - t| > 5 minutes to defeat replay attacks.
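The exchange above, as an added example showing both sides (not the project's own code or its embed-docs sample): the sender builds the t=<unix>,v1=<hex> header, and the receiver parses it, enforces the 5-minute window and compares the HMAC in constant time over the raw request body. It assumes the Stripe convention that the signed string is "<t>.<body>"; the secret and body below are constructed sample values.

```python
"""Webhook signing and verification for an x-mapsmcp-signature style header.
Assumes Stripe's "<t>.<body>" signed-string layout; secret/body are constructed."""
import hashlib
import hmac
import time
from typing import Optional

TOLERANCE_SECONDS = 300   # reject when |now - t| > 5 minutes


def _signed_payload(ts: int, body: bytes) -> bytes:
    return f"{ts}.".encode() + body


def sign_webhook(secret: bytes, body: bytes, ts: int) -> str:
    """Sender side: produce the header value for one delivery."""
    mac = hmac.new(secret, _signed_payload(ts, body), hashlib.sha256).hexdigest()
    return f"t={ts},v1={mac}"


def verify_webhook(secret: bytes, body: bytes, header: str,
                   now: Optional[int] = None) -> bool:
    """Receiver side: verify over the raw body bytes, before any JSON parsing."""
    now = int(time.time()) if now is None else now
    parts = {}
    for item in header.split(","):
        key, _, value = item.partition("=")
        parts.setdefault(key.strip(), []).append(value.strip())
    try:
        ts = int(parts["t"][0])
    except (KeyError, ValueError, IndexError):
        return False
    # Replay window: an old but validly signed delivery is refused.
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False
    expected = hmac.new(secret, _signed_payload(ts, body), hashlib.sha256).hexdigest()
    # Tolerate more than one v1 value (as a sender would emit during secret rotation);
    # each candidate is compared in constant time.
    return any(hmac.compare_digest(expected, v) for v in parts.get("v1", []))


def demo() -> dict:
    """Constructed delivery exercised against the checks a receiver must make."""
    secret = b"whsec_constructed_sample_secret"
    body = b'{"event":"report.published","report_id":"rpt_sample"}'
    ts = 1_700_000_000
    header = sign_webhook(secret, body, ts)
    return {
        "fresh": verify_webhook(secret, body, header, now=ts + 60),
        "tampered_body": verify_webhook(secret, body + b" ", header, now=ts),
        "replayed_late": verify_webhook(secret, body, header, now=ts + TOLERANCE_SECONDS + 1),
        "wrong_secret": verify_webhook(b"other", body, header, now=ts),
    }
```

Two details matter in practice: compute the HMAC over the exact bytes received (re-serialising parsed JSON changes whitespace and key order and will not match), and treat the timestamp check as mandatory rather than optional, since without it a captured valid delivery can be resent indefinitely.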
The Pro plan supports up to 25 walled-off child workspaces under one bill. Each child has its own API key, its own data, and its own privacy locks. Sibling child workspaces cannot see each other's data. Parent workspace operators can list children but cannot read child workspace data without using the child's own API key.
Vendors that may handle your workspace data, in service of running the product:
describe_report, interpret_hotspot, compare_versions_narrative). Customer-supplied dataset values + report titles + descriptions are sent to Claude. No data is sent to Claude unless you call one of those tools.
geo_isochrone with provider: "mapbox". The lat/lng you pass + your isochrone parameters are sent to Mapbox. No workspace dataset content.
bulk_match_addresses and lookup_district_for_address. Addresses you submit are sent to the public Census geocoder. No other workspace content.
Status: in pre-audit evaluation. We're working through the Vanta-style control map (access management, change management, vulnerability management, vendor risk, incident response, business continuity). Realistic timeline: Type I audit by end-Q3 2026, Type II observation window through Q4 2026, attestation by end-Q1 2027. We'll update this page as milestones land.
Status: scaffolding shipped (set_workspace_kek, get_workspace_kek, clear_workspace_kek — record the customer's key-management reference today; encryption goes live in Sprint D). AWS Key Management Service first (largest enterprise footprint), HashiCorp Vault second, Google Cloud Key Management Service third. Join keys (geographic identifiers) stay in plaintext so server-side aggregation still works; only payload columns will be encrypted.
Status: protocol spec'd (mTLS auth, deterministic manifest with SHA-256 content hash, /healthz + /queue-depth backpressure, webhook back-channel for cache invalidation). Runner image is on the roadmap. Enables customers to do join/aggregation work on data that never leaves their perimeter — your cloud stays canonical for shapes; the runner pulls shape updates and executes locally.
Already true in practice — all infra is US East. We'll add an explicit per-workspace flag + opt-in restriction that rejects any future expansion to non-US regions. Targeting Q3 2026.
Not yet shipped. Asked for by clients with campaign-cycle-bounded data ("auto-delete after the November election"). Targeting Q3 2026.
Email [email protected] with a description, reproduction steps, and any proof-of-concept. We commit to acknowledging within 2 business days and providing a remediation timeline within 7 business days. We welcome coordinated disclosure and credit researchers in our public security advisory log (coming with the SOC2 attestation page).
For DPAs, sub-processor list updates, SOC2 status letters, or any custom security questionnaire, email [email protected]. We've already filled out enough of these to get fast.
50 calls/month. Workspace isolated. No credit card.