Security and Performance

Our platform is a secure and robust software application. Its security and performance are our top priorities. Customers can use our platform with the confidence that we uphold the highest standards and best practices.

Customer data, security, and performance are at the heart of everything we do at Marty.

We’ve built our platform with enterprise-grade infrastructure to deliver a secure, high-performing, and reliable solution you can trust. Security isn’t a feature — it’s our foundation.

We follow industry-leading standards, conduct regular security reviews and audits, and continuously monitor our systems to proactively prevent vulnerabilities. With Marty, you can rest assured that your data is protected with the latest encryption technologies and best practices in modern SaaS architecture.

All communication between clients and our servers is encrypted using modern TLS (Transport Layer Security) protocols. We support the latest TLS 1.2+ standards and enforce HTTPS across all services, ensuring that data in transit remains protected at all times.

At rest, data is encrypted using industry-standard AES-256 encryption, providing an additional layer of defense against unauthorized access.

Passwords are never stored in plain text. We use strong, salted hashing algorithms (such as bcrypt) to store user credentials securely.

In addition, Marty enforces password strength requirements and allows for secure password resets via tokenized email links that expire automatically.

Only authorized Marty team members have access to production infrastructure, following the principle of least privilege. Access rights are role-based and reviewed regularly.

Authentication to internal systems is protected using strong passwords, Single Sign-On (SSO), and enforced Two-Factor Authentication (2FA).

Session timeouts and automatic logouts add another layer of safety to ensure account protection.

We provide optional Two-Factor Authentication for users to add an extra layer of security to their accounts. By requiring both a password and a verification code, we significantly reduce the risk of unauthorized access, even if login credentials are compromised.

All employees are bound by confidentiality agreements and undergo regular security awareness training to stay current on best practices, phishing prevention, and secure data handling.

Marty is hosted on Microsoft Azure — one of the most secure, compliant cloud platforms globally. Azure’s compliance portfolio includes ISO/IEC 27001, 27017, and 27018, SOC 1, 2 & 3, HIPAA, GDPR, and more.

We maintain a cloud-native architecture optimized for resilience, redundancy, and performance across geographically distributed data centers in the EU.

All credit card data is handled securely through our payment gateway, Stripe, a certified Level 1 PCI DSS Compliant Service Provider — the most stringent level of certification available.

We never store credit card numbers or security codes on our servers. Stripe encrypts all payment information on the client side before it even reaches their infrastructure.

We work with a carefully vetted group of third-party service providers located in the US and EU to support analytics, hosting, support, and operations. All partners are required to comply with strict data processing agreements.

You can view our current list of sub-processors here. We conduct regular reviews to ensure data protection obligations are continuously met.

We guarantee 99.9% uptime, measured monthly, and typically exceed this target.
Marty is monitored 24/7 with automated alerts and incident response protocols in place. Our systems are built with failover, auto-scaling, and load balancing mechanisms to ensure uninterrupted service.

We release frequent updates and security patches, the majority of which are deployed with zero downtime using rolling deployments.

In rare cases where downtime is required, it is kept under 20 minutes and communicated in advance — 48 hours prior for major updates, with reminders one hour before the window begins.

We believe in data transparency and portability. Should you choose to leave Marty, you retain full ownership of your data. Upon request, we’ll provide a complete export of your database in a commonly used, structured format.
​

Want to access your data via API? No problem — our secure API offers full programmatic access to your information at any time.

To keep your environment safe, all uploaded files are automatically scanned for viruses and potential threats using advanced malware detection systems.
If a threat is detected, our platform generates instant warnings and prevents the file from being accessed or shared — keeping your team safe and informed.

We routinely conduct internal security testing and leverage external penetration testing to identify and address any weaknesses before they become issues.
We welcome the responsible disclosure of vulnerabilities. If you believe you've found a security flaw, please contact our security team.