Designed to Keep Your Data Secure

Designed to Keep Your Data Secure

Connects AI to your marketing stack using industry-standard security practices, encrypted credential storage, and official platform APIs

Connects AI to your marketing stack using industry-standard security practices, encrypted credential storage, and official platform APIs

Industry Standard Encryption
No AI Training on Customer Data
Secure OAuth Authentication
Monitoring & Auditing Logs
Encrypted Secrets Management

Verified business status

GoMarble has completed business and app verification across the platforms we integrate with

Google
Completed OAuth app verification and brand verification, with a privacy policy hosted on verified domains and linked from the OAuth consent screen.
Google
Completed OAuth app verification and brand verification, with a privacy policy hosted on verified domains and linked from the OAuth consent screen.
Meta
Completed Meta business verification with official business documentation, following Meta's data and privacy requirements
Meta
Completed Meta business verification with official business documentation, following Meta's data and privacy requirements
Shopify
Meets Shopify App Store requirements for data privacy and security, with secure handling of protected customer data.
Shopify
Meets Shopify App Store requirements for data privacy and security, with secure handling of protected customer data.

Compliance & Standards

Compliance & Standards

We're continuously investing in our security program and aligning GoMarble with industry best practices.

We're continuously investing in our security program and aligning GoMarble with industry best practices.

STANDARD
STATUS
SOC 2 Type II

In progress

ISO 27001

In progress

CCPA

Aligned

OAuth Best Practices

Aligned

STANDARD
SOC 2 Type II

In progress

ISO 27001

In progress

CCPA

Aligned

OAuth Best Practices

Aligned

Platform
Access
Meta Ads
Read access for analytics; approved automation only where explicitly enabled
Google Ads
Read access for analytics; approved automation only where explicitly enabled
Google Analytics
Read-only analytics access
Shopify
Read access for analytics; approved automation only where explicitly enabled
Snowflake
Customer-managed connection; read-only permissions limited to the schemas/tables you choose
Meta Ads
Read access for analytics; approved automation only where explicitly enabled
Google Ads
Read access for analytics; approved automation only where explicitly enabled
Google Analytics
Read-only analytics access
Shopify
Read access for analytics; approved automation only where explicitly enabled
Snowflake
Customer-managed connection; read-only permissions limited to the schemas/tables you choose

Platform-Specific Access

Platform-Specific Access

GoMarble connects using official APIs and requests the permissions required for the workflows you enable

GoMarble connects using official APIs and requests the permissions required for the workflows you enable

What GoMarble does - and doesn't do

What GoMarble does
— and doesn't do

What we do

What we do

Securely connect to your marketing platforms
Use official APIs and secure authentication methods to connect with platforms like Meta, Google Ads, Shopify, and more.
Protect your credentials
Encrypt access credentials and securely manage them using dedicated secrets management infrastructure.
Execute AI workflows
Analyze data, generate recommendations, and execute actions through connected platforms based on the workflow's approval settings.
Monitor and log platform activity
Maintain audit logs, monitor platform health, and follow incident response procedures to support secure operations.
Give you control over your data
Allow you to disconnect integrations, revoke access, delete reports, conversations, and your workspace whenever you choose.

What we never do

Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.

What we do

What we never do

Securely connect to your marketing platforms
Use official APIs and secure authentication methods to connect with platforms like Meta, Google Ads, Shopify, and more.
Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Protect your credentials
Encrypt access credentials and securely manage them using dedicated secrets management infrastructure.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Execute AI workflows
Analyze data, generate recommendations, and execute actions through connected platforms based on the workflow's approval settings.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Monitor and log platform activity
Maintain audit logs, monitor platform health, and follow incident response procedures to support secure operations.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Give you control over your data
Allow you to disconnect integrations, revoke access, delete reports, conversations, and your workspace whenever you choose.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.
Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.

What we never do

Authentication & OAuth security

GoMarble authenticates using OAuth and follows the Model Context Protocol authorization specification and OAuth 2.1 best practices

OAuth 2.1 & PKCE
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Token Security
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Standards-based discovery
Supports OAuth 2.0 Protected Resource Metadata and Authorization Server Metadata for secure, standards-based endpoint discovery
MCP-compliant
GoMarble's MCP Server adheres to the MCP OAuth authorization specification, including Dynamic Client Registration
OAuth 2.1 & PKCE
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Token Security
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Standards-based discovery
Supports OAuth 2.0 Protected Resource Metadata and Authorization Server Metadata for secure, standards-based endpoint discovery
MCP-compliant
GoMarble's MCP Server adheres to the MCP OAuth authorization specification, including Dynamic Client Registration

Security architecture & operations

GoMarble has completed business and app verification across the platforms we integrate with

Encryption & credentials
Customer data and integration credentials are encrypted in transit and at rest using industry-standard encryption
Secure development
Security-by-design principles across the development lifecycle, security-focused code reviews, input validation, and rate limiting
Infrastructure
Network segmentation, least-privilege access controls, and regular vulnerability assessments
Monitoring & Audit Logs
Continuous monitoring of infrastructure and services, operational activity logged for troubleshooting, and alerting
Access control
Role-based access control (RBAC) with least privilege, regular access reviews, automated deprovisioning, and secure session
Backups & recovery
Regular backups help protect customer data and also support recovery of data
Encryption & credentials
Customer data and integration credentials are encrypted in transit and at rest using industry-standard encryption
Infrastructure
Network segmentation, least-privilege access controls, and regular vulnerability assessments
Access control
Role-based access control (RBAC) with least privilege, regular access reviews, automated deprovisioning, and secure session
Secure development
Security-by-design principles across the development lifecycle, security-focused code reviews, input validation, and rate limiting
Monitoring & Audit Logs
Continuous monitoring of infrastructure and services, operational activity logged for troubleshooting, and alerting
Backups & recovery
Regular backups help protect customer data and also support recovery of data

Questions about security?

Need a security review, compliance information, or have questions about how GoMarble protects your data? Our team is happy to help.

Mail Us →