GoMarble Information Security Program

Last Updated: Jan 21, 2026

  1. Purpose

This Information Security Policy defines the controls and practices GoMarble uses to protect information assets and customer data. It supports the Information Security Program and establishes clear security expectations.

  1. Scope

This policy applies to all GoMarble employees, contractors, systems, applications, and infrastructure that process, store, or transmit customer or company data.

3. Access Control

  • Access to systems and data is granted based on the principle of least privilege.

  • User access is limited to what is necessary to perform assigned job responsibilities.

  • Authentication mechanisms are enforced to prevent unauthorized access.

  • Access is reviewed periodically and revoked promptly when no longer required.

4. Data Protection

  • Customer data is used only for authorized business purposes.

  • Data access is restricted to authorized personnel.

  • Reasonable safeguards are implemented to prevent unauthorized disclosure, alteration, or loss of data.

  • Data retention and deletion practices follow legal, contractual, and business requirements.

5. Encryption

  • Data in transit is protected using industry-standard encryption protocols.

  • Sensitive data stored in production systems is encrypted where appropriate.

  • Encryption keys, secrets, and credentials are stored and managed securely.

6. Incident Response

  • GoMarble maintains a documented incident response process to identify, assess, and respond to security incidents.

  • Security incidents are investigated promptly.

  • Appropriate corrective actions are taken to mitigate impact and prevent recurrence.

  • Customers and partners are notified as required by law or contract.

7. Vulnerability Management & Remediation

  • GoMarble maintains a vulnerability management process to identify, assess, prioritize, and remediate security vulnerabilities across systems and applications.

  • Vulnerabilities may be identified through internal reviews, automated scanning, third-party reports, or responsible disclosure.

  • Remediation SLAs:

    • Critical vulnerabilities: Remediated within 1 business day.

    • All other severities: Remediated within 3 business days.

  • Remediation efforts are tracked and verified to ensure resolution. Systems are patched and updated regularly to reduce exposure to known threats.

8. Vendor and Third-Party Security

  • Third-party service providers are selected based on security, reliability, and compliance considerations.

  • Vendors with access to customer data are expected to implement appropriate security controls.

  • Access granted to third parties is limited to the minimum required and reviewed periodically.

9. Employee Security Awareness

  • Employees and contractors are expected to follow security best practices

  • Security responsibilities are communicated during onboarding

  • Employees must report suspected security incidents or vulnerabilities promptly

10. Device Security

  • Company-managed devices used to access GoMarble systems enforce anti-malware protection

  • Firewalls are enabled on company-managed devices

  • Automatic screen lock with timeout is required on devices accessing sensitive systems

  • Devices must be kept up to date with security patches and updates

11. Policy Review

This Information Security Policy is reviewed periodically and updated as necessary to reflect changes in technology, business operations, regulatory requirements, or security risks.

The AI Agent for Paid Media Marketers

PRODUCTS

GoMarble AI

New

MCP Server

AI Ads Analyzer

AI Copywriter

COMPANY

About

Blog

SOCIALS

Youtube

LinkedIn

Instagram

Copyright © GoMarble AI 2026

AI Terms

Privacy Policy

Terms of Use