Honest, practical security for custom apparel shops. Your designs, customer lists, and order history are encrypted, backed up, and never sold — full stop.
At Marc's Inventory, security isn't an afterthought—it's built into every layer of our platform. We protect your inventory data, customer information, and business metrics with the same rigorous standards trusted by Fortune 500 companies. Here's how we do it.
All data in transit is protected with TLS 1.2+ encryption (the same standard used by banks). Data at rest is encrypted using AES-256, the military-grade encryption standard. Your inventory details are always safe, whether in transit or on our servers.
We host on Amazon Web Services (AWS), the world's most trusted cloud provider. Our infrastructure spans multiple availability zones with automatic failover and redundancy. Cloudflare provides DDoS protection and intelligent routing.
We use industry-standard JWT (JSON Web Tokens) for session management and bcrypt with 12-round hashing for password storage. Optional two-factor authentication adds an extra layer of protection to your account.
We never store full credit card information. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We comply with PCI DSS standards for handling payment data.
Marc's Inventory uses a multi-tenant architecture with strict per-account isolation. This means:
Each account's data is logically separated at the database level with row-level security policies enforced at the application layer.
Role-based access control (RBAC) ensures team members can only view and modify data they're authorized to access.
Every action is logged with timestamps and user identification. Logs are immutable and retained for 2 years for compliance.
Marc's Inventory runs entirely on AWS and Cloudflare, both of which are SOC 2, ISO 27001, and PCI DSS certified at the infrastructure level. We inherit their physical, network, and hypervisor security controls, and layer our own application security on top: AES-256 at rest, TLS 1.2+ in transit, bcrypt password hashing, private subnets, and least-privilege IAM.
Marc's Inventory itself is not independently SOC 2 audited. We believe in stating that honestly rather than implying certifications we don't hold.
We comply with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). Users have the right to access, modify, and delete their data upon request.
Our disaster recovery plan includes:
We take security seriously and welcome responsible vulnerability disclosures. If you discover a security issue, please report it confidentially to our security team.
Email: security@marcsinventory.com
Please include: description of the vulnerability, steps to reproduce, and your contact information. We commit to acknowledging reports within 48 hours and providing updates every 7 days.
Quarterly penetration tests by certified third-party security firms
Continuous automated scanning and dependency checking across the platform
All code undergoes security-focused review before deployment
Our security team is ready to discuss your concerns and share detailed compliance information.