Security & Compliance
Last Updated: 24 June 2025
At Marketingmary, we understand that the security, privacy, and integrity of your data are paramount. Trust is the foundation of our partnership, and we have engineered our platform and policies to uphold the highest standards of security and compliance, protecting your organisation's most valuable marketing information. This page outlines the comprehensive measures we take to safeguard your data.
Our Core Security Principles
- Security by Design: Our platform was built from the ground up with security as a core architectural principle, not an afterthought.
- Guaranteed Data Isolation: Our architecture is engineered to ensure your organisation's data is strictly and logically separated at all times, making it inaccessible to any other organisation.
- Commitment to Transparency: We believe in being clear and transparent about our security practices and how we handle your data.
Multi-Tenant Security Features
Our enterprise-grade platform is built on a secure multi-tenant architecture, ensuring your data remains yours and yours alone.
1. Data Isolation
- Row-Level Security (RLS): Our database architecture enforces strict data segregation at the row level. This acts as a digital wall, ensuring that every piece of data is tagged to your specific organisation and is inaccessible to others.
- Organisation-Scoped Access: All access to data, whether through our user interface or via our API, is strictly scoped to your organisation, preventing any possibility of data leakage between tenants.
- Independent Encryption (Future Commitment): We are planning to implement separate encryption keys for each organisation as an additional layer of cryptographic isolation for your data.
2. Access Controls
- Role-Based Access Control (RBAC): Organisation administrators can assign granular permissions to users based on predefined roles (e.g., Admin, Editor, Viewer), ensuring users only have access to the data and features necessary for their work.
- Comprehensive Audit Trails: We maintain detailed audit logs of all significant user actions and access events within the platform, providing transparency and accountability for your compliance needs.
- Secure Session Management: We enforce secure session controls, including automatic timeouts, to protect against unauthorised access to active user sessions.
Infrastructure Security
Our service is hosted on world-class cloud infrastructure, benefiting from robust physical and network security protections.
- Encryption at Rest: All of your data, including database files and user-uploaded content, is protected using strong AES-256 encryption when stored on our servers.
- Encryption in Transit: All data transmitted between you and the Marketingmary platform is secured using Transport Layer Security (TLS) 1.3, the current industry standard for encrypted communications.
- DDoS Protection: Our infrastructure is equipped with advanced protection against Distributed Denial of Service (DDoS) attacks to ensure service availability and resilience.
- Vulnerability Management: We have a rigorous process for regularly applying security patches to our servers and application software to protect against known vulnerabilities.
Data Residency & Governance
We are committed to providing our clients with control over their data. For our clients in the United Kingdom and European Union, we guarantee that all primary data is stored and processed on servers located within the European Union (Germany). This helps you meet your data sovereignty and GDPR compliance requirements.
Compliance & Verification
We are committed to meeting and exceeding global standards for data protection and security.
- GDPR Compliance: The Marketingmary platform is designed to be fully compliant with the UK and EU General Data Protection Regulation (GDPR), providing you with the tools and assurances you need to meet your obligations as a Data Controller.
- Independent Audits: We are committed to validating our security controls through independent, third-party audits. We are actively working towards achieving SOC 2 Type II and ISO/IEC 27001 certifications to provide our clients with formal assurance of our security posture.
- Penetration Testing: We engage independent security experts to conduct regular penetration tests of our platform, allowing us to proactively identify and remediate potential vulnerabilities.
Shared Responsibility
Security is a partnership. While Marketingmary provides a secure and compliant platform, your organisation plays a crucial role in maintaining security. You are responsible for:
- Managing your users and their access permissions.
- Ensuring the security of your account credentials.
- Using the security features provided by the Service appropriately.
V1.0: MCP Integration Security
As our Model Context Protocol (MCP) integrations evolve, our commitment to security remains unchanged. Control and transparency are central to how we manage third-party data connections.
- Organisation-Controlled Integrations: Your organisation's administrator has full control over which third-party platforms are connected to your Marketingmary account. Integrations are configured on an opt-in basis only.
- Credential Isolation: Each integration is configured with separate API credentials that are unique to your organisation, ensuring no co-mingling of access.
- Transparent Data Flows: We provide clear documentation on what data is shared with each MCP integration, so you can make informed decisions.
- Third-Party Liability: While we facilitate the connection, your use of third-party platforms is governed by your agreement with them. Marketingmary is not responsible for the data practices or security of external MCP services.