Last updated: 22 May 2026
Depending on customer configuration, MaayaAI may process security and operational metadata including asset inventory, cloud configuration data, vulnerability findings, CVE records, identity and permission metadata, application/service relationships, AI service metadata, telemetry references, attack path information, control posture, and remediation recommendations. MaayaAI does not require collection of sensitive business content unless explicitly configured by the customer. Customers control which systems, accounts, logs, APIs, and datasets are connected.
MaayaAI uses customer-provided data to: correlate vulnerabilities, assets, identities, controls, telemetry, and business context assess reachability, exploitability, weak controls, and blast radius generate evidence-backed findings and remediation recommendations support natural-language queries through approved model endpoints improve customer-specific security workflows and operational outcomes .
Customer data is not sold to third parties.
MaayaAI CyberMesh may connect to customer-approved AI model endpoints, including Claude-compatible endpoints, through MCP-compatible workflows. Data shared with model endpoints is limited to what is needed to answer the user’s query or execute the requested workflow, subject to customer configuration and access controls.
Customers are responsible for configuring approved model providers, access permissions, and data-sharing policies.
MaayaAI retains customer data only as long as needed to provide the service, support security operations, comply with contractual obligations, or meet legal requirements. Customers may request deletion of their data in accordance with their agreement with MaayaAI.
MaayaAI applies security controls designed to protect customer data, including access controls, least-privilege authorization, encryption in transit, secure API integrations, monitoring, and human-in-the-loop governance for high-impact workflows.
MaayaAI does not sell customer data. MaayaAI may share limited data with authorized subprocessors or model providers only as necessary to deliver the service and only under applicable contractual, security, and confidentiality obligations.
Customers control which data sources are connected, which users have access, which model endpoints are enabled, and which workflows are permitted. Customers may revoke access or disconnect integrations at any time.
Contact Us