Our Commitment to Security

Marker.io is hosted in Amazon Web Services (AWS) data center located in Europe region, Ireland. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and more. AWS is SOC2 and ISO-27001 certified.

Marker.io encrypts your data aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Marker.io platform. We also use AES-256-bit encryption to secure your database connection credentials and data stored at REST.

Integrations are a big part of what makes Marker.io special. We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, we encrypt all data, and you can revoke access anytime, easily.

We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats. They rely on tools such as AWS Cloudwatch and other tools to ensure the effectiveness of our protective measures.

Marker.io implements a protocol for handling security events and other operational issues which includes escalation procedures, rapid mitigation, and post-mortems.

You can visit our status page for updates.

All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over two different availability zones in the eu-west-1 AWS region.

We hire an external firm each year to conduct penetration testing at the network and application levels.

All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working with Marker.io.

Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Marker.io environment, are permitted access to Marker.io’s production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.

Marker.io uses Stripe to process payments and does not store personal credit card information for any of our customers. Stripe is certified to PCI Service Provider Level 1 which is the most stringent level of PCI DSS certification available.

All customer databases are backed up every 6 hours. We replicate core databases across multiple zones in the event of a site disaster.

We are audited by an external firm each year to ensure that we adhere to the security standards set by SOC2.