Security

Customer trust and data security are critical to everything we do at Marvia. Every day we ensure that our security is parallel with industry standards and compliance. 

Software Security

SSO

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Permissions

Marvia is a SaaS subscription accessible globally via a web browser. A strict roles system secures our solution. We enable permission levels within the tool to be set for users and groups. Permissions can be set to include:

  • Access to modules/ features
  • Access to actions
  • Access to content.
  • Rights within templates 
  • Access to designated parts of the admin
  • Rights to download/ order with or without workflow

Password and Credential Storage

Marvia enforces a password complexity standard and uses OpenSSL encrypt and decrypt to store credentials and sensitive data. The encryption algorithm is specified by the Advanced Encryption Standard (AES).

Uptime

We have an uptime of 99.9% or higher. 

Network and Application Security

Data Hosting and Storage

Marvia's services and data are hosted in Amazon Web Services (AWS) facilities in Frankfurt (eu-central-1). All hosting and storage are 100% aligned with the restrictive EU data protection laws. AWS is renowned for rigorous security. For their hosting compliance, please visit AWS Amazon.

Failover and DR

Marvia was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centres fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.

Back-Ups and Monitoring

On an application level, we produce audit logs for all activity. Our Certified AWS hosting and Security partner Webslice manages the server logs within AWS. All action and activities in the Marvia application are logged in the database. Our database is backed-up every 24 hours. 

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Marvia is served 100% over https. We have Single Sign-on (SSO) and strong password policies on Google, AWS and Marvia to ensure access to cloud services are protected. 

Encryption

All data sent to or from Marvia is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only. SSL/TLS certificates are used to secure network communications and establish the identity of Marvia over the Internet as well as resources on private networks.

The SSL and TLS protocols use an X.509 certificate (SSL/TLS server certificate) to authenticate both the client and the back-end application. An X.509 certificate is a digital form of identification issued by a certificate authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer.

Pentest and Vulnerability Scanning 

Marvia uses third party security tools to scan for vulnerabilities continuously. Periodically we engage third-party security experts to perform detailed penetration tests on the Marvia application and infrastructure. 

Incident Response

Marvia implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Additional Security Features

Training

All employees complete Security and Awareness training annually.

Policies

Marvia has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Confidentiality

All employee contracts include a confidentiality agreement.

Security Questions?

If you think you may have found a security vulnerability, please get in touch with our security team at security@getmarvia.com.

Learn more about Marvia by reading our Privacy Policy