Skip to main content
Security FAQ

Frequently Asked Questions About Security Practices

Gary Gaspar avatar
Written by Gary Gaspar
Updated over 2 months ago

This section provides answers to common questions about the security and privacy of Marker.io, including data storage, encryption, security measures, data retention policies, incident handling, accreditation, vendor assessment, and bug reporting.

Learn more about our security commitment here → https://marker.io/security

Frequently Asked Questions

Can you fill out my security assessment?

We can complete security questionnaires for customers who commit to our Custom plans. Otherwise, you should find enough information on our website and help center to fill out your questionnaire yourself.

Are you SOC 2, Type 2 certified?

Yes. Enterprise customers can request a copy of our report.

Where do you store my data?

As a Marker.io user, your data is stored in our secure cloud environment, hosted by Amazon Web Services. The data is geographically located in the eu-west-1 region, Ireland.

AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance, and more. AWS is SOC2 and ISO-27001 certified.

Is my data encrypted?

Yes.

Data in transit between end-users and Marker.io’s cloud environment is encrypted using HTTPS over TLS 1.2. This is verifiable by an independent check that can be performed via SSL Labs

In addition, we also use AES-256 bit encryption to secure your database connection credentials and data stored at rest.

How do you ensure the security of integration?

Integrations are a big part of what makes Marker.io special. We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, we encrypt all data, and you can revoke access anytime, easily.

Do you back up data?

All customer databases are backed up every 6 hours. We replicate core databases across multiple zones in the event of a site disaster.

What’s your development stack?

We run on Node.js, Vue.js, AWS & MongoDB

Who is responsible for your security program?

Security is directed by Marker.io’s Chief Technology Officer. We also have a full-time DevOps manager on staff.

Who can access production data?

Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Marker.io environment, are permitted access to Marker.io’s production environment. SSH keys and credentials are rotated regularly, and 2-factor authentication is enforced whenever possible.

Do you conduct penetration tests?

Yes. We hire an external firm to conduct a penetration test at both the application and network levels.

How frequently does Marker.io run security training?

Security training is provided to all new team members during their onboarding. The training aims to provide a baseline understanding within the context of Marker.io, its values and how we appropriately implement controls to help protect Marker.io and the data we store.

What controls have been implemented for detecting incidents?

Our DevOps team uses a combination of services to proactively monitor the infrastructure, networks, and systems. We have adopted an approach strategy that covers appropriate application security checklists to remediate any vulnerabilities. The team uses a combination of tools such as Cloudflare WAF, Amazon CloudWatch, Rapid7 InsightOps, and AWS Network Firewall to strengthen our security capabilities.

What is your process for reacting to security incidents?

We take security very seriously at Marker.io due to the sensitivity of our customers' data. We review security issues as soon as possible, and you can report them by emailing security@marker.io.

Likewise, we have alert notifications sent to the appropriate engineers via email, SMS, or integrations with uptime management tools, allowing us to detect incidents before customers are even aware. In case of a potentially severe security incident, we're committed to informing any affected users.

You can also find our status page here.

Do you have a status page?

Yes, you can find our status page here.

What accreditation does Marker.io have?

We are SOC 2 Type 2 certified.

How do you assess vendors?

We have a thorough process for evaluating which vendor we partner with, including reviewing security and data privacy practices.

Do you run a bug bounty program?

We do not currently run a bug bounty program, but we encourage anyone to report vulnerability issues to our security team. We review all messages sent to security@marker.io

How can I report a bug or vulnerability issue?

You can reach out to our security team at security@marker.io, or use the in-app chat, and we will route your message to our security team.

Did this answer your question?