Technical and Organisational Measures

In accordance with the General Data Protection Regulation (GDPR), Marfeel implements appropriate technical and organisational measures (TOMs) to ensure a level of security appropriate to the risk of processing personal data. These measures are designed to safeguard the confidentiality, integrity, and availability of personal data and are set out below.


Physical Access Controls

Access to Marfeel’s office premises is strictly limited to authorized personnel. Entry to the building is regulated by a security guard at the main entrance, while access to Marfeel’s office floor requires biometric fingerprint verification. Visitors are not granted independent access and must always be escorted by a staff member.


System Access Controls

System access is secured using Single Sign-On (SSO) and Multi-Factor Authentication (MFA). Access is limited to system administrators and authorized staff, and role-based access control (RBAC) is enforced so that each account's permissions match the job responsibilities of its holder.


Remote Access Controls

Remote access is protected through VPN connections, Two-Factor Authentication (2FA), SSH key-based authentication, and role-based access restrictions. Together, these measures ensure that every remote connection is both encrypted and authenticated.


Data Access Controls

We enforce strict data access policies to minimize risk:

  • All data queries are logged and reviewed to detect unauthorized activity.
  • Role-based access profiles ensure employees only have the privileges necessary for their responsibilities.
  • Administrative access to data processing systems is restricted to system administrators.
  • All authentication credentials are encrypted with strong cryptographic algorithms, and the encryption keys are managed externally from the systems that hold the credentials, under strict access controls.


Transmission Controls

All data transfers are encrypted in transit, using HTTPS (TLS), SFTP, or VPN tunnels, and APIs are exposed only over authenticated, encrypted channels. Transfers to storage platforms (e.g., Google Cloud Storage or Amazon S3) are encrypted and access-controlled.


Input Controls

We continuously monitor collected data to ensure quality and accuracy. A secure-by-default framework is applied to prevent cross-site scripting (XSS), injection, and other input-driven attacks: all inputs are validated, sanitized, and authorization-checked before they are processed.


Data Backups

We follow a 3-2-1 backup strategy (at least three copies of the data, on two different storage media, with one copy off-site), maintaining incremental and full backups across multiple data centers. Backups are stored on-premises, in geographically diverse datacenters, and, where possible, in the cloud. A copy is always maintained in WORM (Write Once Read Many) storage, which cannot be modified or deleted once written, to ensure the integrity of the backup data.


Data Segregation

Customer data is logically segregated so that each customer's data remains isolated, even on shared system infrastructure. Strict application-layer and database-layer controls enforce this separation and prevent cross-access between customers.