Security FAQ

Frequently Asked Questions about security practices

Written by Gary Gaspar
Updated over a week ago

This section provides answers to common questions about the security and privacy of Marker.io, including data storage, encryption, security measures, data retention policies, incident handling, accreditation, vendor assessment, and bug reporting.

Learn more about our security commitment here → https://marker.io/security

Frequently Asked Questions

Can you fill out my security assessment?

We can fill out security questionnaires for customers who commit to our Enterprise plan. If you plan to buy a Starter or Team plan, you should find enough information on our website and help center to fill out your questionnaire yourself.

Are you SOC 2, Type 2 certified?

Yes. Enterprise customers can request a copy of our report.

Where do you store my data?

As a Marker.io user, your data is stored in our secure cloud environment, hosted by Amazon Web Services. The data is geographically located in the eu-west-1 region, Ireland.

AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance, and more. AWS is SOC 2 and ISO 27001 certified.

Is my data encrypted?

Yes.

Data in transit between end-users and Marker.io’s cloud environment is encrypted using HTTPS over TLS 1.2. This is verifiable by an independent check that can be performed via SSL Labs.

In addition, we use AES-256 encryption to secure your database connection credentials and data stored at rest.

How do you ensure the security of integrations?

Integrations are a big part of what makes Marker.io special. We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, we encrypt all data, and you can revoke access anytime, easily.

Do you back up data?

All customer databases are backed up every 6 hours. We replicate core databases across multiple zones in the event of a site disaster.

What’s your development stack?

We run on Node.js, Vue.js, AWS, and MongoDB.

Who is responsible for your security program?

Security is directed by Marker.io’s Chief Technology Officer. We also have a full-time DevOps manager on staff.

Who can access production data?

Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Marker.io environment, are permitted access to Marker.io’s production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.

Do you conduct penetration tests?

Yes. We hire an external firm to conduct a penetration test at both the application and network levels.

How frequently does Marker.io run security training?

Security training is provided to all new team members during their onboarding. The training aims to provide a baseline understanding within the context of Marker.io, its values and how we appropriately implement controls to help protect Marker.io and the data we store.

What controls have been implemented for detecting incidents?

Our DevOps team uses a combination of services to proactively monitor the infrastructure, networks, and systems. We have adopted a strategy that covers appropriate application security checklists to remediate any vulnerabilities. The team uses a combination of tools such as Cloudflare WAF, Amazon CloudWatch, Rapid7 InsightOps, and AWS Network Firewall to strengthen our security capabilities.

What is your process for reacting to security incidents?

We take security very seriously at Marker.io due to the sensitivity of our customers' data. We review security issues as soon as possible and you can report them by emailing security@marker.io.

We have alert notifications sent to the appropriate engineers via email, SMS, or integrations with uptime management tools, allowing us to detect incidents before customers are even aware. In case of a potentially severe security incident, we're committed to informing any affected users.

You can also find our status page here.

Do you have a status page?

Yes, you can find our status page here.

What accreditation does Marker.io have?

We are SOC 2 Type 2 certified.

How do you assess vendors?

We have a thorough process for evaluating which vendors we partner with, including reviewing security and data privacy practices.

Do you run a bug bounty program?

We do not currently run a bug bounty program, but we encourage anyone to report vulnerability issues to our security team. We review all messages sent to security@marker.io.

How can I report a bug or vulnerability issue?

You can reach out to our security team at security@marker.io, or use the in-app chat and we will route your message to our security team.
