Security, data residency & trust

MaxInvent is built for UK ecommerce sellers who run real marketplace, stock and dispatch operations. This page summarises the security and data-residency controls we use today, and the controls we verify during onboarding for larger customers.

UK hosting and data residency

• Application infrastructure is hosted in AWS London (eu-west-2).
• Primary databases and file uploads are kept in UK-hosted services.
• Customer data is not intentionally transferred to US-hosted product infrastructure by default.

Tenant isolation

MaxInvent uses a database-per-tenant architecture for customer environments. Each tenant has a separate PostgreSQL database rather than sharing a single schema with other customers. Marketplace ISO data is also separated by marketplace service.

Access control

• Role-based access control is used for staff and admin areas.
• Tenant routes are bound to host-derived tenant context.
• Marketplace areas are blocked from tenant subdomains.
• Production access is limited to authorised maintainers.

Backups and operational resilience

Production is deployed using a blue-green release process so changes can be built, health-checked and switched with minimal downtime. Marketplace synchronisation jobs are monitored for stale runs and operational drift.

Responsible disclosure

If you believe you have found a security issue, email support@maxinvent.uk with a clear description, affected URL, reproduction steps, and your contact details. Please do not access, modify, delete or exfiltrate data that does not belong to you.

Important note

This public page is a summary, not a formal security certification. For procurement, DPA, vendor-review or enterprise requirements, contact hello@maxinvent.uk and we will provide the relevant operational details under the right commercial process.