Marble servers are hosted on Heroku, an application platform that in turn uses services provided by Amazon Web Services (AWS). As such, Marble inherits the control environment which Amazon maintains and demonstrates.
Read more about AWS and Heroku security and certifications here:
Marble services are accessible over HTTPS. Traffic over HTTPS is encrypted and is protected from interception by unauthorized third parties. Marble uses strong encryption algorithms with a key length of at least 128 bits.
Marble servers are accessible through HTTPS. Administrative access is granted only to select employees of Marble, based on role and business need.
Marble application architecture includes mitigation measures for common security flaws such as the OWASP Top 10. Marble application uses industry standard, high-strength algorithms including AES and bcrypt.
All network access, both within the datacenter and between the datacenter and outside services, is restricted by firewall and routing rules. Network access is logged and logs are retained for a minimum of 30 days.
Marble stores a minimum of Personally Identifiable Information (PII), and only as instructed by our Subscriber for the purposes of delivering the Marble Service. Per the GDPR principles, Subscribers should avoid sharing unnecessary personal data with Marble beyond basic information.
Marble follows the policies below that are relevant to GDPR:
Please contact us if you discover a vulnerability at firstname.lastname@example.org
Last updated on May 3rd, 2022.