Our Commitment to Security

GDPR
Marker.io has a Data Processing Agreement (DPA) for customers to sign upon request.
SOC 2 Type 2 - In progress
Marker.io has started the process of SOC 2 Type 2 certification.
This will demonstrate that our security policies, measures, and procedures rigorously protect customer data.

Physical security

Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS).

Our servers are located in the Europe (Ireland) region.

AWS data centers feature state-of-the-art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is highly restricted, and they are monitored by professional security personnel. Our offices are equipped with access control, intrusion detection, and video surveillance systems.

Account security

All communications are encrypted with SSL/TLS 1.2, so they cannot be viewed by a third party. This is the same level of encryption used by banks and financial institutions.

Software security

Our systems run the latest stable versions of Ubuntu or Amazon Linux and our applications run on the latest stable version of Node.js.

We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog), and we run automated vulnerability scanners, including retire.js and nsp, at regular intervals and before each deployment.

Our developers receive training for secure software development, including Open Web Application Security Project guidelines.

All major code changes are subject to a multipoint code review, with specific attention paid to security.

Firewall & DDoS mitigation

We use Cloudflare Web Application Firewall.

We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.

Data security

All customer data is stored with at least dual redundancy, and we've designed our storage solution for 99.999999999% long-term durability.

Private screenshots

By default, new screenshots are private and you are the only one able to access them. Only when you share them to one of our integrations or via a link do they become accessible outside of Marker.io. At any time, you can decide to delete your screenshots.

Integration Credentials

For Jira, when you enter your authentication credentials in Marker.io, they are first encrypted using a highly secure algorithm (AES-256) and then stored in our encrypted MongoDB database.

For all the other integrations, we use OAuth2/OAuth3, which means we ask for specific permissions to access your tool. The token we get from that connection is unique and stored securely in our encrypted database.

Employee access

Marker.io's team access is controlled by a carefully managed and audited security policy. All team members sign non-disclosure agreements to protect your data. All employees receive tools and training for handling sensitive data (including credentials) and for avoiding social engineering and other non-technical attacks.

Logging

We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.

Payment processing

We process payments with Stripe, which has been audited by a Payment Card Industry Standard-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of PCI DSS certification available. Payment information is transmitted directly to Stripe via HTTPS for secure storage and is never transmitted to or stored on Marker.io servers.

Regular audits

We conduct regular internal security audits and review our hardware, software, and physical security configurations. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid mitigation and transparent customer communication.

Security reviews

As we're a small startup, we don't have the bandwidth to fill out security questionnaires and reviews. If you have a few important high-level questions, we’re happy to do our best to answer them.

GDPR

At Marker.io, we are committed to complying with GDPR, CCPA, PECR and other privacy regulations, both on our website and in our product. The privacy of your data — and it is your data, not ours! — is a big deal to us.

The team is based in Europe and the legal entity is incorporated in Belgium.

All your data is stored on Amazon servers in Ireland. For encryption, we use HTTPS in transit and the hashing process at rest.

We’ve tried hard to limit external services that we use, and none of them have access to any of the data that we do collect. No third party vendors are involved other than the hosting company that owns the servers where the data is stored. Below, you can find a list of our data processors.

Data Processors

Here's a list of all the data processors we have at Marker.io.

More concerns?

Contact us and we'll be happy to answer all your questions.

Marker.io SRL
BE0556.685.968
Rue d'Alost, 7
1000 Brussels,
Belgium
info@marker.io