MarsMars Trust

Compliance

Built to meet the standards your auditors expect.

Two professionals reviewing documents together

Audit-ready, so you don't have to slow down.

SOC 2, GDPR, and your customer's security questionnaire — handled. Get the paperwork your buyers ask for without burning a quarter on it.

SOC 2 Type II

Currently in observation period with our auditor. Type II report expected Q3 2026. Type I report available on request under NDA.

GDPR

Data Processing Agreement (DPA) available for EU customers. Sub-processor list maintained on this page. EU-region data residency available on request.

Data Residency

Default region: AWS us-west-1. EU and APAC regions available for enterprise customers. Cross-region replication off by default.

Data Retention

Customer data retained for the life of the account plus 30 days post-cancellation. Hard delete on request. Backups retained 35 days.

Sub-processors

AWS (infrastructure), Stripe (billing), SES (email delivery), Sentry (error tracking). Full list with purposes available in the DPA.

Audit Support

We respond to customer security questionnaires within 5 business days. SIG, CAIQ, and custom RFP responses supported on enterprise plans.