Designed to Keep Your Data Secure
Designed to Keep Your Data Secure
Connects AI to your marketing stack using industry-standard security practices, encrypted credential storage, and official platform APIs
Connects AI to your marketing stack using industry-standard security practices, encrypted credential storage, and official platform APIs
Industry Standard Encryption
No AI Training on Customer Data
Secure OAuth Authentication
Monitoring & Auditing Logs
Encrypted Secrets Management
Industry Standard Encryption
No AI Training on Customer Data
Secure OAuth Authentication
Monitoring & Auditing Logs
Encrypted Secrets Management
Verified business status
GoMarble has completed business and app verification across the platforms we integrate with
Completed OAuth app verification and brand verification, with a privacy policy hosted on verified domains and linked from the OAuth consent screen.
Completed OAuth app verification and brand verification, with a privacy policy hosted on verified domains and linked from the OAuth consent screen.
Meta
Completed Meta business verification with official business documentation, following Meta's data and privacy requirements
Meta
Completed Meta business verification with official business documentation, following Meta's data and privacy requirements
Shopify
Meets Shopify App Store requirements for data privacy and security, with secure handling of protected customer data.
Shopify
Meets Shopify App Store requirements for data privacy and security, with secure handling of protected customer data.
Compliance & Standards
Compliance & Standards
We're continuously investing in our security program and aligning GoMarble with industry best practices.
We're continuously investing in our security program and aligning GoMarble with industry best practices.
STANDARD
STATUS
SOC 2 Type II
In progress

ISO 27001
In progress
CCPA
Aligned

OAuth Best Practices
Aligned
STANDARD
SOC 2 Type II
In progress

ISO 27001
In progress
CCPA
Aligned

OAuth Best Practices
Aligned
Platform
Access
Meta Ads
Read access for analytics; approved automation only where explicitly enabled
Google Ads
Read access for analytics; approved automation only where explicitly enabled

Google Analytics
Read-only analytics access
Shopify
Read access for analytics; approved automation only where explicitly enabled

Snowflake
Customer-managed connection; read-only permissions limited to the schemas/tables you choose
Meta Ads
Read access for analytics; approved automation only where explicitly enabled
Google Ads
Read access for analytics; approved automation only where explicitly enabled

Google Analytics
Read-only analytics access
Shopify
Read access for analytics; approved automation only where explicitly enabled

Snowflake
Customer-managed connection; read-only permissions limited to the schemas/tables you choose
Platform-Specific Access
Platform-Specific Access
GoMarble connects using official APIs and requests the permissions required for the workflows you enable
GoMarble connects using official APIs and requests the permissions required for the workflows you enable
What GoMarble does - and doesn't do
What GoMarble does
— and doesn't do
What we do
What we do
Securely connect to your marketing platforms
Use official APIs and secure authentication methods to connect with platforms like Meta, Google Ads, Shopify, and more.
Protect your credentials
Encrypt access credentials and securely manage them using dedicated secrets management infrastructure.
Execute AI workflows
Analyze data, generate recommendations, and execute actions through connected platforms based on the workflow's approval settings.
Monitor and log platform activity
Maintain audit logs, monitor platform health, and follow incident response procedures to support secure operations.
Give you control over your data
Allow you to disconnect integrations, revoke access, delete reports, conversations, and your workspace whenever you choose.
What we never do
Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.
What we do
What we never do
Securely connect to your marketing platforms
Use official APIs and secure authentication methods to connect with platforms like Meta, Google Ads, Shopify, and more.
Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Protect your credentials
Encrypt access credentials and securely manage them using dedicated secrets management infrastructure.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Execute AI workflows
Analyze data, generate recommendations, and execute actions through connected platforms based on the workflow's approval settings.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Monitor and log platform activity
Maintain audit logs, monitor platform health, and follow incident response procedures to support secure operations.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Give you control over your data
Allow you to disconnect integrations, revoke access, delete reports, conversations, and your workspace whenever you choose.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.
Train AI models on your business data
Customer data is never used to train GoMarble or third-party AI models.
Access your accounts without authorization
GoMarble only connects to platforms that you've explicitly authorized.
Store more data than necessary
Marketing performance data is processed to generate insights and isn't permanently stored unless you explicitly save it.
Bypass your workflow settings
Automation follows the rules you've configured—whether that means requiring approval or allowing autonomous execution.
Share customer data across organizations
Each workspace's data remains isolated and is processed only to deliver the requested functionality.
What we never do
Authentication & OAuth security
GoMarble authenticates using OAuth and follows the Model Context Protocol authorization specification and OAuth 2.1 best practices
OAuth 2.1 & PKCE
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Token Security
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Standards-based discovery
Supports OAuth 2.0 Protected Resource Metadata and Authorization Server Metadata for secure, standards-based endpoint discovery
MCP-compliant
GoMarble's MCP Server adheres to the MCP OAuth authorization specification, including Dynamic Client Registration
OAuth 2.1 & PKCE
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Token Security
Authorization uses OAuth 2.1 with PKCE (Proof Key for Code Exchange) to protect authorization codes against interception
Standards-based discovery
Supports OAuth 2.0 Protected Resource Metadata and Authorization Server Metadata for secure, standards-based endpoint discovery
MCP-compliant
GoMarble's MCP Server adheres to the MCP OAuth authorization specification, including Dynamic Client Registration
Security architecture & operations
GoMarble has completed business and app verification across the platforms we integrate with
Encryption & credentials
Customer data and integration credentials are encrypted in transit and at rest using industry-standard encryption
Secure development
Security-by-design principles across the development lifecycle, security-focused code reviews, input validation, and rate limiting
Infrastructure
Network segmentation, least-privilege access controls, and regular vulnerability assessments
Monitoring & Audit Logs
Continuous monitoring of infrastructure and services, operational activity logged for troubleshooting, and alerting
Access control
Role-based access control (RBAC) with least privilege, regular access reviews, automated deprovisioning, and secure session
Backups & recovery
Regular backups help protect customer data and also support recovery of data
Encryption & credentials
Customer data and integration credentials are encrypted in transit and at rest using industry-standard encryption
Infrastructure
Network segmentation, least-privilege access controls, and regular vulnerability assessments
Access control
Role-based access control (RBAC) with least privilege, regular access reviews, automated deprovisioning, and secure session
Secure development
Security-by-design principles across the development lifecycle, security-focused code reviews, input validation, and rate limiting
Monitoring & Audit Logs
Continuous monitoring of infrastructure and services, operational activity logged for troubleshooting, and alerting
Backups & recovery
Regular backups help protect customer data and also support recovery of data
Questions about security?
Need a security review, compliance information, or have questions about how GoMarble protects your data? Our team is happy to help.
Mail Us →