Security at MRRX
We take security seriously. Your data and your customers' data are protected with industry-leading security practices.
Stripe Connect OAuth
We never store your Stripe secret keys. We use Stripe Connect with OAuth, meaning you grant us limited, revocable access to your Stripe account. You can disconnect anytime from your Stripe dashboard.
Encryption at Rest
All sensitive data, including OAuth tokens, is encrypted at rest using AES-256-GCM encryption. Encryption keys are rotated regularly and stored in secure key management systems.
Encryption in Transit
All data transmitted between your systems and MRRX is encrypted using TLS 1.3. We enforce HTTPS on all endpoints and use HSTS to prevent downgrade attacks.
Infrastructure Security
MRRX runs on Vercel's edge network with automatic DDoS protection. Our database is hosted on Neon with automated backups, point-in-time recovery, and SOC 2 Type II compliance.
Tenant Isolation
Your data is completely isolated from other customers. Every database query is scoped to your tenant ID, and we use row-level security to prevent cross-tenant data access.
Audit Logging
Every action in MRRX is logged with timestamps, actor identification, and request details. Audit logs are retained for compliance and can be exported for your records.
API Key Security
API keys are hashed using SHA-256 before storage. We only store the hash, never the plain key. Keys can be rotated instantly from your dashboard.
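An added illustration of the hash-only storage pattern described above; it is not MRRX's code. The key format, the `mk_test_` prefix, and the in-memory `ApiKeyStore` are assumptions made for the example. A plain SHA-256 digest is suitable here only because the key is a long random value, unlike a user-chosen password.

```python
import hashlib
import hmac
import secrets

PREFIX = "mk_test_"  # hypothetical prefix, not a real MRRX key format


class ApiKeyStore:
    """In-memory stand-in for a key table that holds only SHA-256 digests."""

    def __init__(self):
        self._rows = {}  # key_id -> {"tenant": str, "digest": bytes}

    @staticmethod
    def _digest(plain_key: str) -> bytes:
        return hashlib.sha256(plain_key.encode("utf-8")).digest()

    def issue(self, tenant: str):
        """Create a key, persist only its digest, return the plain key once."""
        key_id = secrets.token_hex(4)        # public lookup handle
        secret = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        plain = f"{PREFIX}{key_id}_{secret}"
        self._rows[key_id] = {"tenant": tenant, "digest": self._digest(plain)}
        return key_id, plain

    def verify(self, presented: str):
        """Return the owning tenant for a valid key, otherwise None."""
        if not presented.startswith(PREFIX):
            return None
        key_id, sep, _ = presented[len(PREFIX):].partition("_")
        row = self._rows.get(key_id)
        if not sep or row is None:
            return None
        # Constant-time comparison of the stored and recomputed digests.
        if hmac.compare_digest(row["digest"], self._digest(presented)):
            return row["tenant"]
        return None

    def rotate(self, key_id: str):
        """Delete the old digest first, so the old key stops working at once."""
        tenant = self._rows.pop(key_id)["tenant"]
        return self.issue(tenant)


if __name__ == "__main__":
    store = ApiKeyStore()
    kid, key = store.issue("tenant_a")  # constructed sample tenant
    print(store.verify(key), store.verify(key + "x"))
    store.rotate(kid)
    print(store.verify(key))
```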
Rate Limiting
All API endpoints are rate-limited to prevent abuse. Webhook endpoints use signature verification to ensure requests originate from MRRX.
Compliance & Certifications
GDPR Compliant
We comply with GDPR requirements for data protection and privacy. Data processing agreements are available upon request.
SOC 2 Type II
Our infrastructure partners (Vercel, Neon, Stripe) maintain SOC 2 Type II compliance. We inherit their security controls.
PCI DSS
We never touch credit card data. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.
Responsible Disclosure
Found a security vulnerability? We appreciate your help in keeping MRRX secure. Please report vulnerabilities to our security team. We commit to acknowledging your report within 24 hours and will keep you updated on our progress.
Report a vulnerability
Questions about security?
We're happy to answer any questions about our security practices or provide additional documentation for your security review.