Marker.io is hosted in an Amazon Web Services (AWS) data center located in the Europe region (Ireland). AWS data centers are protected by 24×7 security monitoring, biometric scanning, video surveillance and more. AWS is SOC2 and ISO-27001 certified.
Marker.io encrypts your data in line with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Marker.io platform. We also use AES 256-bit encryption to secure your database connection credentials and data stored at rest.
Integrations are a big part of what makes Marker.io special. We use the OAuth standard to authenticate you and get permission to access your tools. We never get your passwords, we encrypt all data, and you can revoke access anytime, easily.
We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats. They rely on AWS CloudWatch and other tools to ensure the effectiveness of our protective measures.
Marker.io implements a protocol for handling security events and other operational issues which includes escalation procedures, rapid mitigation, and post-mortems.
You can visit our status page for updates.
All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over two different availability zones in the eu-west-1 AWS region.
We hire an external firm each year to conduct penetration testing at the network and application levels.
All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working with Marker.io.
Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Marker.io environment, are permitted access to Marker.io’s production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.
Marker.io uses Stripe to process payments and does not store personal credit card information for any of our customers. Stripe is certified to PCI Service Provider Level 1, which is the most stringent level of PCI DSS certification available.
All customer databases are backed up every 6 hours. We replicate core databases across multiple zones in the event of a site disaster.
We are audited by an external firm each year to ensure that we adhere to the security standards set by SOC2.
All communications are encrypted with SSL/TLS 1.2, so they cannot be viewed by a third party. This is the same level of encryption used by banks and financial institutions.
Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS).
Our servers are based in the Europe region (Ireland).
AWS data centers feature state-of-the-art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is highly restricted and they are monitored by professional security personnel. Our offices are equipped with access control, intrusion detection, and video surveillance systems.
Our systems run the latest stable versions of Ubuntu or Amazon Linux and our applications run on the latest stable version of Node.js.
We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog), and we run automated vulnerability scanners, including retire.js and nsp, at regular intervals and before each deployment.
Our developers receive training for secure software development, including Open Web Application Security Project guidelines.
All major code changes are subject to a multi-point code review with specific attention paid to security.
We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.
All customer data is stored with at least dual redundancy, and we've designed our storage solution for 99.999999999% long-term durability.
By default, new screenshots are private and you are the only one able to access them. They become accessible outside of Marker.io only when you share them to one of our integrations or via a link. At any time, you can decide to delete your screenshots.
For Jira, when you enter your authentication credentials in Marker.io, they are first encrypted using a highly secure algorithm (AES 256-bit) and then stored in our encrypted MongoDB database.
For all the other integrations, we use OAuth2/OAuth3, which means we ask for certain permissions to access your tool. The token we get from that connection is unique and stored securely in our encrypted database.
Marker.io's team access is controlled by a carefully managed and audited security policy. All team members sign non-disclosure agreements to protect your data. All employees receive tools and training for handling sensitive data (including credentials) and for avoiding social engineering and other non-technical attacks.
We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.
We process payments with Stripe, which has been audited by a Payment Card Industry Standard-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of PCI DSS certification available. Payment information is transmitted directly to Stripe via HTTPS for secure storage and is never transmitted to or stored on Marker.io servers.
We conduct regular internal security audits and review our hardware, software, and physical security configurations. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid mitigation and transparent customer communication.
Contact us and we'll be happy to answer all your questions.