Your security is our top priority

To protect your intellectual property and identifying information, Marq employs a well-designed infrastructure and adheres to industry best practices.
Download our in-depth Security Whitepaper

System Architecture

Data encryption

  • To ensure a secure connection from users’ browsers to our service, we employ a 256-bit encrypted connection to the Marq environment via TLS 1.2 and a world-class certificate provider.
  • Marq also employs encryption at rest to protect the secrecy of all data persisted by the application. The cryptographic keys are protected by a pair of (redundant) passphrases stored in separate environments.

Network uptime

  • We quantify our reliability by offering a 99.9% uptime guarantee to enterprise customers. This guarantee ensures the constant deployment of our services, 24 hours a day, 7 days a week, 365 days a year.

Network protection

  • To provide rigorous access controls, we have both network layer (IP) and transport layer (TCP) firewalls that segregate network traffic between application tiers.
  • Our network is built using Amazon's secure Virtual Private Cloud (VPC) technology, adding an extra layer of protection against intrusion.

Disaster recovery and backups

  • Your data is backed up hourly to multiple physical locations across several Availability Zones.
  • Once a week, the most recent versions of database snapshots are stored in encrypted form to a secure off-site location.
  • Marq conducts monthly validations of our backups to ensure that they can be used for restoration in case of emergency.

Secure data centers

Amazon Web Services (AWS) powers the server requirements for thousands of high-profile companies and government entities. We have partnered with AWS to provide our web and data services because of their stringent security measures, which include compliance with the following certifications and third-party attestations:

  • SAS70 Type II audits
  • Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
  • ISO 27001 certification
  • U.S. General Services Administration FISMA-Moderate level operation authorization

To learn more about the security procedures employed by AWS, please review their documentation.

Content Security

Password authentication

  • Marq supports sign-on with a unique username and password, or single sign-on with Google/Microsoft.
  • User passwords are never transmitted in plain text.
  • Only salted one-way hashes of passwords are stored by our servers—never the passwords themselves.
  • Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.

Permission controls

  • We follow security best practices by using least privilege access principles to protect your data.
  • Role-based permissions system is available to Marq user administrators.
  • Administrators may:
    • Set required password strength
    • Dictate the frequency of password resets
    • Seize control of a user account if that user’s employment has ended
    • Set permissions for each user, including view-only, edit, and document ownership

Data ownership

  • Marq claims no ownership over any documents created through our services. Users retain copyright and any other rights, including all intellectual property rights, on created documents and included content.
  • We respect your privacy and will never make your documents publicly available without permission.

Continuous monitoring

  • Marq performs regular internal security design reviews and contracts with a third-party penetration expert to test for application vulnerability threats and network vulnerability threats.
  • These tests are carried out quarterly with industry-leading automated tools and extensive manual testing. Testing covers OWASP top-10 threats and WASC 26 classification sections.
  • Our live systems are continuously monitored and supported; any issue will be reported and fixed as soon as possible.