Maps can now be locked and set to private, giving you total control over who is looking at your data. No one can see your private maps without your access token.
The new private map settings apply to all data uploaded to your account, like raster imagery from a drone flight or uploaded GPS traces from your fleet. Starting today, new maps are private by default, and if you want to apply these privacy controls to all of your existing maps, you can make the change with a single click. Access tokens give you a powerful way to control permissions: in our management interface, you can create, revoke, and monitor the usage of resources based on tokens.
In addition to private maps, all data uploaded to Enterprise accounts using Mapbox Studio or the Upload API is encrypted with AES256 and stays encrypted-at-rest forever.
Private maps are now available to all Premium and Enterprise accounts, and data encryption is now deployed for all Enterprise users. This is in addition to the existing security features available to every Mapbox account. Every account includes HTTPS access to Mapbox’s APIs, optional two-factor authentication, and a focus on security at every level of our platform.
We will add more security features in the coming months, including:
- Self-destructing access tokens: Allow access to maps or data for a limited time with credentials that automatically expire.
- Teams: Allow other Mapbox accounts limited access to your account to work with styles and data. You will be able to require two-factor authentication for each member of your team.
- Tokens API: Programmatically create, edit, and delete access tokens for the Mapbox API.
- Audit Log: Managers will be able to see the history of every action that happens across your account and team.
- Data Jurisdiction: Control where (which countries) your data and maps are stored across our cloud - more on how we protect location data from unlawful searches and our op-ed in Techcrunch on unconstitutional search.