Security at Marcbrain

Effective Date: 24th August, 2019

Last Updated: 31st December, 2025

At Marcbrain, we understand that the security of your data is paramount. As a software company delivering innovative solutions, we implement industry-leading security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. Our comprehensive security framework ensures that your data remains safe while you focus on what matters most to your business.

Our Security Commitment

We are committed to maintaining the highest standards of information security across all our products, services, and operations. Our security program is built on industry best practices, regulatory compliance requirements, and a proactive approach to identifying and mitigating potential threats. We continuously invest in security technologies, processes, and personnel to ensure your data is protected against evolving cyber threats.

Data Encryption

All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols with a minimum of 256-bit encryption. This ensures that any information you send or receive through our platforms remains confidential and protected from interception during transmission.

For data at rest, we employ AES-256 encryption, one of the strongest encryption standards available. This means your stored information, including files, databases, and backups, is encrypted both in our production systems and backup storage facilities. Encryption keys are managed using secure key management systems with strict access controls and regular rotation policies.

Access Control and Authentication

We implement strict role-based access controls to ensure only authorized personnel can access sensitive systems and data. Each user account is assigned specific permissions based on their job responsibilities, following the principle of least privilege. This means individuals only have access to the information and systems necessary to perform their duties.

Multi-factor authentication is mandatory for all employee accounts and available for customer accounts. This additional security layer requires users to verify their identity using multiple methods, such as passwords combined with time-based codes or biometric verification, significantly reducing the risk of unauthorized access even if credentials are compromised.

We conduct regular access reviews to verify that user permissions remain appropriate and revoke access immediately when employees change roles or leave the company. All administrative access to critical systems is logged and monitored for unusual activity.

Infrastructure Security

Our infrastructure is hosted in world-class, SOC 2 certified data centers with 24/7 physical security, including biometric access controls, video surveillance, and on-site security personnel. These facilities feature redundant power supplies, climate control systems, and fire suppression systems to ensure continuous operation and protect against physical threats.

We maintain geographically distributed data centers to ensure business continuity and disaster recovery capabilities. Regular automated backups are performed across multiple locations, with tested restoration procedures to guarantee data availability in the event of system failures or disasters.

Our network infrastructure employs advanced firewalls, intrusion detection and prevention systems, and network segmentation to isolate critical systems and limit the potential impact of security incidents. We continuously monitor network traffic for suspicious activity and automatically block potential threats.

Application Security

Our development team follows secure coding practices throughout the software development lifecycle. We conduct code reviews, static and dynamic application security testing, and implement comprehensive input validation and output encoding to protect against common vulnerabilities.

All applications undergo rigorous security testing before deployment, including vulnerability assessments and penetration testing by internal security teams and third-party security experts. We implement protection against OWASP Top 10 vulnerabilities, including SQL injection, cross-site scripting, cross-site request forgery, and other common attack vectors.

We maintain a secure software development lifecycle that integrates security considerations at every stage, from design and development through testing and deployment. Security patches and updates are applied promptly to address newly discovered vulnerabilities.

Security Monitoring and Incident Response

Our security operations center provides 24/7/365 monitoring of all systems, networks, and applications. We utilize advanced security information and event management systems, threat intelligence feeds, and automated alert mechanisms to detect and respond to potential security incidents in real time.

We maintain a comprehensive incident response plan that defines procedures for identifying, containing, investigating, and recovering from security incidents. Our incident response team is trained to handle various security scenarios and coordinates with relevant stakeholders to minimize impact and restore normal operations quickly.

In the unlikely event of a security incident affecting customer data, we will notify affected parties within 72 hours of discovery, in compliance with applicable data protection regulations. We will provide detailed information about the incident, potential impact, and steps being taken to address the situation.

Vulnerability Management

We conduct regular vulnerability assessments and penetration testing to identify potential security weaknesses in our systems, applications, and infrastructure. These assessments are performed by qualified security professionals using industry-standard methodologies and tools.

Our patch management process ensures that all systems are updated promptly with the latest security patches from vendors. Critical security updates are prioritized and applied according to defined service level agreements, with emergency patching procedures for critical vulnerabilities.

We participate in responsible disclosure programs and work with security researchers who report vulnerabilities to us. Reported issues are investigated promptly, and appropriate fixes are developed and deployed according to the severity of the vulnerability.

Employee Security Training

All Marcbrain employees undergo comprehensive security awareness training during onboarding and receive regular refresher training throughout their employment. Training covers topics including data protection, password security, phishing awareness, social engineering, incident reporting, and compliance requirements.

Employees with access to sensitive systems receive additional specialized security training relevant to their roles. We conduct simulated phishing exercises and security drills to test awareness and readiness, using results to improve our training programs.

All employees sign confidentiality and acceptable use agreements committing to protect company and customer information. Violations of security policies are taken seriously and may result in disciplinary action up to and including termination.

Third-Party Security

We carefully vet all third-party vendors and service providers who have access to our systems or customer data. Our vendor assessment process evaluates security controls, compliance certifications, and data protection practices before engaging with any third party.

All vendors are required to sign data processing agreements that outline security requirements, data handling procedures, and incident notification obligations. We conduct periodic security assessments of critical vendors to ensure ongoing compliance with our security standards.

Access provided to third parties is limited to what is strictly necessary for service delivery and is regularly reviewed. We maintain an inventory of all third-party integrations and monitor their access to our systems.

Compliance and Certifications

Marcbrain maintains compliance with relevant industry standards and regulations, including data protection laws applicable to our operations and customer locations. We regularly assess our compliance posture and update our practices to meet evolving regulatory requirements.

We undergo regular independent audits of our security controls and practices. Audit findings are reviewed by management, and corrective actions are implemented promptly to address any identified gaps or weaknesses.

Physical Security

Our offices and facilities implement physical security measures including access control systems, visitor management procedures, and secure areas for sensitive operations. Employee workstations are configured with security controls including full-disk encryption, automatic screen locking, and remote wipe capabilities.

We maintain clear desk and clear screen policies to prevent unauthorized access to sensitive information. Physical documents containing confidential information are securely stored and disposed of using certified destruction services.

Your Role in Security

While we implement robust security measures, your cooperation is essential in maintaining the security of your account and data. We recommend the following security practices:

Use strong, unique passwords that combine uppercase and lowercase letters, numbers, and special characters. Avoid using the same password across multiple services. Consider using a reputable password manager to generate and store complex passwords securely.

Enable multi-factor authentication wherever available to add an extra layer of protection to your account. This significantly reduces the risk of unauthorized access even if your password is compromised.

Keep your software, including operating systems, browsers, and applications, updated with the latest security patches. Enable automatic updates when possible to ensure you receive critical security fixes promptly.

Be cautious of phishing attempts and suspicious emails. Verify the sender's identity before clicking links or downloading attachments. Marcbrain will never ask you to provide your password via email or unsolicited phone calls.

Never share your account credentials with others. If you need to grant access to colleagues, use proper access delegation features rather than sharing passwords.

Log out of your account when finished, especially when using shared or public devices. Clear your browser history and cache after accessing sensitive information on public computers.

Monitor your account activity regularly and report any suspicious or unauthorized access immediately to our security team.

Reporting Security Concerns

If you notice any suspicious activity, potential security vulnerabilities, or have concerns about the security of our systems, please report them immediately to our security team. We take all security reports seriously and investigate them promptly.

You can report security issues by contacting us at security@marcbrainltd.com or through our general contact email info@marcbrainltd.com. When reporting security concerns, please provide as much detail as possible to help us understand and address the issue effectively.

We appreciate responsible disclosure and will work with security researchers who report vulnerabilities to us in good faith. We commit to acknowledging receipt of security reports within 48 hours and providing status updates as we investigate and address reported issues.

Continuous Improvement

Security is an ongoing process, not a one-time effort. We continuously evaluate and improve our security measures to address emerging threats and incorporate lessons learned from security incidents, both our own and those affecting the broader industry. We stay informed about the latest security trends, vulnerabilities, and best practices through active participation in security communities and professional networks.

We welcome feedback from our customers and partners regarding our security practices and are committed to transparency in our security efforts while protecting sensitive security information that could be exploited by malicious actors.