Security & Complaince

Security

Your trust is the foundation of everything we do. At BlueMarvel, safeguarding your data isn’t just a responsibility—it’s a core part of how we operate. We have built our systems and processes to meet the highest standards of security and reliability, and we’re proud to be SOC 2 Type II compliant, demonstrating our ongoing commitment to protecting your information.

Our Security Practices

Here are some of the measures we have in place to protect your data and maintain compliance:

  • SOC 2 Type II Certified – Annual third-party audit validating our controls across security, availability, and confidentiality.
  • Encryption Everywhere – All data encrypted in transit (TLS 1.3+) and at rest using AES-256.
  • Multi-Factor Authentication (MFA) – Native MFA required across our internal systems and available for customers.
  • Continuous Monitoring – 24/7 system monitoring and automated alerts for suspicious activity.
  • Regular Vulnerability Scans – Frequent internal and third-party scanning of our infrastructure.
  • Independent Penetration Testing – Annual third-party testing to proactively identify and remediate risks.
  • Strict Access Controls – Role-based access (RBAC) and principle of least privilege enforced across our environment.

SOC 2 compliance proves that BlueMarvel meets rigorous standards for data security, but our commitment doesn’t stop there—we continuously evolve our defenses to stay ahead of emerging threats. And I need this image added to the webpage as well as a small icon in the footer. Could you design that for me?

Data Residency

Unless otherwise noted in a customer agreement, your data will be stored in Canada.

Data Subprocessor List

To support in the delivery of BlueMarvel and its applications, BlueMarvel AI Inc. may engage and use data processors with access to certain customer data. These third-party data processors are specifically for providing the infrastructure for the applications. These include, but may not be limited to, hosting, email notifications, customer support and web security.

Auth0

Services: Authentication management
Location: United States

Cloudflare Inc.

Services: Content delivery network (CDN), web security, and DDoS protection
Location: Global

Functional Software, Inc.

Services: Sentry.io - application operations
Location: United States

Microsoft Ireland Operations Limited

Services: Microsoft Azure Cloud Services – third party hosting provider
Location: Global (Primarily Canada, United States and Europe)

Twilio SendGrid Inc.

Services: Transactional email delivery
Location: United States