Last updated: 7/3/2026.
Marcora (MarketCore LLC) gives go-to-market teams governed, on-brand context infrastructure for AI content. This page documents how we protect your data, exactly what is and isn't independently certified today, and what's on our roadmap: the answers a security review needs, stated plainly. Anything not covered here: security@marcora.ai.
Marcora runs on a small, deliberately chosen stack of independently audited providers, with our core backend on dedicated, single-tenant infrastructure.
| Provider | Role | Their certifications | What Marcora inherits |
|---|---|---|---|
| Xano | Application backend + database (Google Cloud, US) | SOC 2 Type 2, ISO 27001, GDPR | Physical, network, and infrastructure controls; encryption at rest; audited platform operations |
| Netlify | Web application hosting / CDN | SOC 2 Type 2, ISO 27001, ISO 27018 | Edge security, build pipeline, DDoS protection |
| Anthropic | AI content generation (API) | SOC 2 Type 2, ISO 27001:2022, ISO 42001 | No training on your data; limited API retention |
| OpenAI | AI content generation (API) | SOC 2 Type 2, ISO 27001:2022 | No training on your data; limited API retention |
| Stripe | Payments | PCI DSS Level 1, SOC 2 | We never store card data |
| Railway | Hosting for integration services (US) | SOC 2 Type 2, SOC 3 | Audited hosting for our MCP and messaging relays |
| Replit | Hosting for file delivery + document conversion (US, on Google Cloud) | SOC 2 Type 2 | Audited hosting; isolated cloud project |
| Mailgun (Sinch) | Transactional email | SOC 2 Type 1 & 2, ISO 27001 | Audited email delivery |
| Composio | Third-party integrations layer | SOC 2 Type 2, ISO 27001:2022 | Audited integration handling |
| PostHog | Product analytics | SOC 2 Type 2 | Audited analytics processing |
| OneSignal | Opt-in notification emails | SOC 2 Type 2, ISO 27001, ISO 27701 | Audited notification delivery |
What's independently certified, and what isn't: the certifications above are held by our infrastructure providers, and Marcora inherits the physical, network, and infrastructure controls they cover. Marcora (MarketCore LLC) has not yet completed its own independent SOC 2 or ISO 27001 audit. Our compliance roadmap is below, and enterprise customers can request our security documentation package at security@marcora.ai.
Found a vulnerability? Email security@marcora.ai. We acknowledge reports within 2 business days.
Enterprise prospects: request our security documentation package at security@marcora.ai. It includes our security overview and DPA, plus direct paths to our infrastructure providers' own trust portals (Xano, Railway, PostHog, and others), where their attestation reports are available first-hand.