Compliance console reference
This page describes the fields, states, and values shown in the MapleGather compliance console, found under Admin & Security → Compliance.
DPA signing states
Section titled “DPA signing states”| State | Meaning | Available actions |
|---|---|---|
| Unsigned | Your organization has not yet executed the Data Processing Agreement. | Sign DPA |
| Signed (current version) | DPA executed; your organization is on the current version. | Download executed copy |
| Update required | MapleGather has published a new DPA version. The prior version is archived. | Review and re-sign DPA |
The Sign DPA action is hidden for board members (read-only role). All other tabs are visible to board members.
Sub-processor table columns
Section titled “Sub-processor table columns”| Column | What it shows |
|---|---|
| Name | The third-party service provider. |
| Purpose | What the sub-processor does (for example: email delivery, payment processing). |
| Region | Where the sub-processor processes data. All current sub-processors operate in the US. |
| Status | Active — currently in use. Removed — no longer used by MapleGather. |
A “1 new since last review” badge appears on the tab when any sub-processor was added or removed since you last viewed it. MapleGather also sends an email to your admin-notifications address on any sub-processor change.
Breach SLA (P-level classification)
Section titled “Breach SLA (P-level classification)”| Level | Severity | Customer notification SLA |
|---|---|---|
| P0 | Critical | Within 24 hours of determination. |
| P1 | High | Within 72 hours of determination. |
| P2 | Medium | Best effort. |
| P3 | Low | Best effort. |
SOC 2 posture
Section titled “SOC 2 posture”MapleGather has shipped the foundational SOC 2 controls: audit log, encryption at rest and in transit, access control, and incident response. SOC 2 Type II certification has not yet been issued. The platform is designed to be SOC-2-ready; contact MapleGather support if your RFP requires an Attestation of Compliance (AOC).
Data residency
Section titled “Data residency”All organization data is stored, backed up, and processed in the United States (single-region). No EU data residency option is available at this time.
Permissions required
Section titled “Permissions required”| Action | Required scope |
|---|---|
| View DPA and sub-processors | compliance:view |
| Sign or re-sign the DPA | compliance:sign_dpa |
| View sub-processor list | compliance:view_sub_processors |