Our Commitment to Security

GDPR compliant
Marker.io has ensured that your data is handled securely and in compliance with the European GDPR framework.
SOC 2 Type II
Our infrastructure is hosted on AWS, which is SOC 2 certified. Marker.io has started the process of SOC 2 Type II and expects to be certified by Q1-2024.

🌐 Hosting and Storage

Marker.io is hosted in an Amazon Web Services (AWS) data center located in the Europe region, in Ireland. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and more. AWS is SOC 2 and ISO 27001 certified.

🔐 Encryption

Marker.io encrypts your data in line with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Marker.io platform. We also use 256-bit AES encryption to secure your database connection credentials and data stored at rest.

🔌 Integrations Security

Integrations are a big part of what makes Marker.io special. We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, we encrypt all data, and you can revoke access anytime, easily.

👀 Logging and monitoring

We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats. They rely on AWS CloudWatch and other tools to ensure the effectiveness of our protective measures.

🚨 Incident response

Marker.io implements a protocol for handling security events and other operational issues, which includes escalation procedures, rapid mitigation, and post-mortems.

You can visit our status page for updates.

🌩️ Disaster recovery

All of our production infrastructure is built with redundancies in place, in highly available configurations spread over two different availability zones in the eu-west-1 AWS region.

🚪 Penetration Testing

We continuously audit and scan our systems for vulnerabilities. As part of becoming SOC 2 compliant, we are currently working with an external firm to conduct a penetration test at both the application and network levels.

👨 Employee training

All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working with Marker.io.

🔑 Access controls

Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Marker.io environment, are permitted access to Marker.io’s production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.

💳 Payment processing

Marker.io uses Stripe to process payments and does not store personal credit card information for any of our customers. Stripe is certified to PCI Service Provider Level 1, which is the most stringent level of PCI DSS certification available.

💽 Backups

All customer databases are backed up every 6 hours. We replicate core databases across multiple zones in the event of a site disaster.

🛡️ SOC 2

We run our infrastructure on AWS, which is SOC 2 certified. We are currently working toward getting our own accreditation for SOC 2.