Security at Marvel

We're committed to protecting the creative work that our customers trust us to store.

Marvel’s mission is to democratise the design process, making it more productive and inclusive so that everyone has the opportunity to bring their ideas to life. Core to that mission is keeping your ideas, data and projects confidential and secure. We take that responsibility seriously for our 2 million users, ranging from startups to Fortune 100 companies.

Here you’ll find more information on how we approach security. If you have additional questions, feel free to get in touch at security@marvelapp.com.

Vulnerability disclosure and Reward Program

Marvel’s security team works closely with the community to rapidly investigate all reported security issues and bugs on the platform. We value the effort and detail put into the reports we receive from the security research community and offer cash rewards based on the severity of the issue reported. If you find any security issues, please review our Bug Bounty Policy before submitting any requests. Submissions that do not qualify may not be responded to, as it takes time for our engineers to review each submission. Please ensure you read all scopes for our submission criteria. We endeavour to reply to any real or high impact issues within 7 days of submission, with a maximum of 30 days depending on the problem.

Enterprise Security Features

Marvel Enterprise has several additional features that allow customers to enforce several layers of security on their accounts and projects. These include Single Sign-On (SSO), IP restriction, access logs, user permissions and project-level password protection.

Communication

All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting data in transit protects it from unauthorised snooping, modification, and man-in-the-middle attacks. We use 256-bit SSL/TLS 1.2 encryption, utilising both the ECDSA and RSA algorithms.

Data Centre Security

Our hosting environment is fully redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI certification, and SOC. For more information about their certification and compliance, please visit the Google Cloud Platform or Amazon AWS security site.

  • 99.98% Uptime SLA

    Our distributed infrastructure means you get the best and most reliable experience possible, no matter where your business is located.

  • 24/7 Support

    Our global support team covers each timezone, with escalation procedures to ensure that urgent issues are swiftly resolved.

  • GDPR Compliant

    Marvel is fully committed to meeting our legal obligation with the latest GDPR regulation and protecting the data rights of our customers.

EU Hosted Infrastructure

The Marvel Platform infrastructure is hosted on servers based in the European Union. This allows us to meet specific regulatory and compliance requirements of organisations in Europe, including financial institutions, consultancies and government entities. Our data center provider, Google Cloud Platform, located in Belgium and Germany, maintains multiple certifications, including SOC 1, SOC 2, SOC 3 and ISO27001. In addition, all data is encrypted both in transit and at rest using strong encryption.

Credit Cards

Marvel does not store any credit card information. We have partnered with Stripe for credit card processing, which allows us to leverage AES-256 encryption at rest, with PCI Service Provider Level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available to the payments industry.

Marvel’s GDPR Commitment

As a Data Controller, Marvel is committed to compliance with the General Data Protection Regulation, and to meeting our legal obligation by helping our customers become compliant. We’ve made several key policy, product and term updates that strengthen the protection of personal data and the rights of users.