Skip to content

Compliance console reference

This page describes the fields, states, and values shown in the MapleGather compliance console, found under Admin & Security → Compliance.

State Meaning Available actions
Unsigned Your organization has not yet executed the Data Processing Agreement. Sign DPA
Signed (current version) DPA executed; your organization is on the current version. Download executed copy
Update required MapleGather has published a new DPA version. The prior version is archived. Review and re-sign DPA

The Sign DPA action is hidden for board members (read-only role). All other tabs are visible to board members.

Column What it shows
Name The third-party service provider.
Purpose What the sub-processor does (for example: email delivery, payment processing).
Region Where the sub-processor processes data. All current sub-processors operate in the US.
Status Active — currently in use. Removed — no longer used by MapleGather.

A “1 new since last review” badge appears on the tab when any sub-processor was added or removed since you last viewed it. MapleGather also sends an email to your admin-notifications address on any sub-processor change.

Level Severity Customer notification SLA
P0 Critical Within 24 hours of determination.
P1 High Within 72 hours of determination.
P2 Medium Best effort.
P3 Low Best effort.

MapleGather has shipped the foundational SOC 2 controls: audit log, encryption at rest and in transit, access control, and incident response. SOC 2 Type II certification has not yet been issued. The platform is designed to be SOC-2-ready; contact MapleGather support if your RFP requires an Attestation of Compliance (AOC).

All organization data is stored, backed up, and processed in the United States (single-region). No EU data residency option is available at this time.

Action Required scope
View DPA and sub-processors compliance:view
Sign or re-sign the DPA compliance:sign_dpa
View sub-processor list compliance:view_sub_processors