Security & Compliance

Security

Your trust is the foundation of everything we do. At BlueMarvel, safeguarding your data isn’t just a responsibility—it’s a core part of how we operate. We have built our systems and processes to meet the highest standards of security and reliability, and we’re proud to be SOC 2 Type II compliant, demonstrating our ongoing commitment to protecting your information.

Our Security Practices

Here are some of the measures we have in place to protect your data and maintain compliance:

  • SOC 2 Type II Certified – Annual third-party audit validating our controls across security, availability, and confidentiality.
  • ISO 27001:2022 Certified – Internationally recognized standard validating our systematic approach to managing information security risks.
  • GDPR Compliance – Ensuring transparency, control, and rigorous protection for all forms of data.
  • Encryption Everywhere – All data encrypted in transit (TLS 1.3+) and at rest using AES-256.
  • Multi-Factor Authentication (MFA) – Native MFA required across our internal systems and available for customers.
  • Continuous Monitoring – 24/7 system monitoring and automated alerts for suspicious activity.
  • Regular Vulnerability Scans – Frequent internal and third-party scanning of our infrastructure.
  • Independent Penetration Testing – Annual third-party testing to proactively identify and remediate risks.
  • Strict Access Controls – Role-based access (RBAC) and principle of least privilege enforced across our environment.

SOC 2 and ISO 27001 compliance proves that BlueMarvel meets rigorous standards for data security, but our commitment doesn’t stop there—we continuously evolve our defenses to stay ahead of emerging threats.

Data Residency

Unless otherwise noted in a customer agreement, your data will be stored in Canada. Data storage in the United States, Europe and other regions widely supported by Azure is available upon request.

Data Subprocessor List

To support the delivery of BlueMarvel and its applications, BlueMarvel AI Inc. may engage and use data processors with access to certain customer data. These third-party data processors are used specifically to provide the infrastructure for the applications. Their services include, but may not be limited to, hosting, email notifications, customer support and web security.

Auth0

Services: Authentication management
Location: United States

Cloudflare Inc.

Services: Content delivery network (CDN), web security, and DDoS protection
Location: Global

Functional Software, Inc.

Services: Sentry.io - application operations
Location: United States

Microsoft Ireland Operations Limited

Services: Microsoft Azure Cloud Services – third party hosting provider
Location: Global (Primarily Canada, United States and Europe)

Twilio SendGrid Inc.

Services: Transactional email delivery
Location: United States