MarqOps connects to your marketing data and brand assets, so we treat security as a first-class part of the product — not an afterthought. Here’s exactly how your data is handled.
MarqOps runs on Supabase and Vercel — both independently audited to SOC 2 Type II. Your data lives in managed Postgres with automated backups and no self-managed servers to misconfigure.
All traffic is served over TLS (HTTPS). Data at rest is encrypted by our database provider. Secrets and API keys are stored as encrypted environment variables, never in the codebase.
Every brand workspace is isolated with Postgres row-level security, so one account can never read another account’s data. Server-side operations use scoped, least-privilege access.
When you connect Google Search Console, Analytics, or Ads, we request the minimum OAuth scopes needed and store refresh tokens encrypted. You can revoke access anytime from your Google account or from MarqOps.
Your brand data, analytics, and content are used only to deliver the product to you. We never sell or share it with advertisers or data brokers. Delete your account and we delete your data.
Sign-in is via Google OAuth or one-time magic links — we never store passwords. Admin surfaces are gated behind explicit role checks.
Found a security issue? We appreciate responsible disclosure. Email info@marqops.com and we’ll respond quickly.
Questions about data handling? See our Privacy Policy.
MarqOps is built on SOC 2-compliant infrastructure (Supabase, Vercel). MarqOps has not separately completed its own SOC 2 audit; we’ll update this page if that changes.