Security & Compliance

Your data is safe with us. We take that seriously.

MarketrixAI is built on enterprise-grade security infrastructure. We encrypt everything, audit all access, and hold ourselves to the same standards we'd expect from any vendor handling our own data.

  • SOC 2 Type II: In progress (Q3 2026)
  • GDPR Compliant: DPA available
  • CCPA Compliant: California residents
  • TLS 1.3: All data in transit
  • AES-256: Data at rest

Security Controls

A summary of the technical and organisational measures we have in place to protect your data.

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Database-level encryption for all customer data
  • Encrypted backups stored in geographically separate regions

Access Controls

  • Role-based access control (RBAC) for all internal systems
  • Multi-factor authentication required for all employee accounts
  • Principle of least privilege enforced across all teams
  • All access to customer data is logged and audited

Infrastructure

  • Hosted on AWS with multi-region redundancy
  • 99.9% uptime SLA for Professional and Enterprise plans
  • Automated failover and disaster recovery
  • DDoS protection via AWS Shield

Compliance & Audits

  • SOC 2 Type II certification in progress (expected Q3 2026)
  • Annual penetration testing by independent third party
  • GDPR-compliant data processing with DPA available
  • CCPA compliance for California residents

Responsible Disclosure

If you discover a security vulnerability in MarketrixAI, please report it responsibly. We ask that you give us reasonable time to investigate and remediate before public disclosure. We will not pursue legal action against researchers who follow these guidelines.

Security FAQ

Where is my data stored?

Customer data is stored in AWS data centres in the United States (us-east-1) with automated backups to a secondary region (us-west-2). EU customers on Enterprise plans can request EU-only data residency (Frankfurt, eu-central-1).

Do you have a bug bounty programme?

Yes. We operate a responsible disclosure programme. If you discover a security vulnerability, please report it to [email protected]. We acknowledge reports within 24 hours and aim to resolve critical vulnerabilities within 7 days. We do not pursue legal action against researchers who follow responsible disclosure guidelines.

Can I get a copy of your penetration test report?

Enterprise customers can request a redacted copy of our most recent penetration test report under NDA. Contact your account manager or email [email protected].

How do you handle data breaches?

In the event of a data breach affecting customer data, we will notify affected customers within 72 hours of becoming aware of the breach, as required by GDPR. We will provide details of the nature of the breach, the data affected, and the steps we are taking to remediate it.

Do your employees have access to my CRM data?

Access to customer data is restricted to employees who need it to provide support or operate the service. All access is logged and audited. We never access customer data for commercial purposes or share it with third parties without your consent.

Is MarketrixAI HIPAA compliant?

MarketrixAI is not currently HIPAA certified and is not designed to store Protected Health Information (PHI). We do not recommend using MarketrixAI to process healthcare data.

Security questions?

Our security team is available to answer questions from customers, prospects, and security researchers.