Security at Marcus isn't a feature page; it's a default. Your code is yours, your customers' data lives in the EU, and we never train models on either.
Every project ships with a clean static export and a private Git repo. Cancel any time and walk out with everything Marcus generated.
Frankfurt region, GDPR-compliant. Data does not move regions without a written request, and we tell you when, where, and why.
TLS 1.3 in transit. AES-256 at rest. Database, file storage, off-site backups, log aggregation — all encrypted with keys we rotate quarterly.
Your prompts, your code, your users' inputs — none of it ever enters a training set. Period. This is in the contract, not the FAQ.
Each project runs in its own database schema and storage namespace. A leak in one project cannot expose another project's data, even in the same workspace.
Studio tier ships SAML SSO and a full audit log of every change Marcus or your team made. Exportable to your SIEM in JSON.
How we operate
Stuff will go wrong. Networks fail, dependencies disappear, models hallucinate. Here's how we run when it does.
Our status page reflects what our internal monitors see. We don't wait for tweets to declare an incident.
Every incident over 15 minutes gets a postmortem published within five working days. What broke, what we fixed, what we'll change.
security@aimarcus.love goes to a real human, with a 24-hour acknowledgement SLA. Bug bounty details on request.
Compliance
Mail security@aimarcus.love. Real human, 24-hour reply.