Skip to content
MARC
Trust

Security

Last updated 8 July 2026

Security is central to a compliance platform. This page outlines how MARC protects your data and the practices we follow to keep the Service resilient and trustworthy.

1. Our approach

We build security into MARC from the ground up. We follow the principle of least privilege, default to encryption, and design our systems so that a single failure never becomes a breach. Our goal is that the platform you trust to check compliance is itself held to a high standard.

2. Infrastructure

MARC runs on reputable cloud infrastructure hosted in secure, audited data centres. Production environments are isolated from development and testing, and access to infrastructure is restricted, logged, and reviewed.

3. Encryption

  • Data is encrypted in transit using TLS 1.2 or higher.
  • Data at rest is encrypted using industry-standard algorithms.
  • Secrets and credentials are stored in managed secret stores, never in source code.

4. Access controls

  • Least-privilege access, granted only to those who need it.
  • Multi-factor authentication on administrative accounts.
  • Regular review and prompt revocation of access when roles change.

5. Application security

Security is part of our development lifecycle. We use code review, automated dependency and vulnerability scanning, and testing before changes reach production. We keep our software and dependencies up to date.

6. Monitoring & resilience

We monitor our systems for anomalies and maintain logging to support investigation and response. We perform regular backups and maintain processes to recover the Service in the event of an incident.

7. Data isolation & retention

Customer data is logically separated, and we handle it in line with our Privacy Policy. Scan content is retained according to your plan and can be deleted on request.

8. Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please contact us with the details so we can investigate and respond promptly. We ask that you give us a reasonable opportunity to address the issue before any public disclosure.

9. Compliance

We align our practices with recognised security frameworks and are continually maturing our programme. Contact us if you need documentation or details to support your own vendor assessment.

Questions about this page? Email [email protected] or write to Mediacle Limited, 16 Upper Woburn Place, London, WC1H 0BS United Kingdom