Security & Accessibility

Security

Security Overview

Security is foundational to everything we build at Marotino. From the way we design our systems to the way we handle your data, we follow industry best practices to ensure your information remains safe and protected at every layer.

Infrastructure Security

Our website and services are hosted on enterprise-grade infrastructure with SOC 2 Type II compliant providers. Our infrastructure benefits from:

• HTTPS everywhere — all traffic is encrypted in transit
• DDoS protection at the network and application layers
• Global CDN edge network for fast and resilient delivery
• Automated deployments with immutable build artifacts

Application Security

We build with security in mind from the start, guided by the OWASP Top 10 framework. Our application security practices include input validation, Content Security Policy (CSP) headers, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and Referrer-Policy headers.

Data Protection

We take a minimal-footprint approach to data handling: all data in transit is encrypted using TLS 1.2+, we practice minimal data collection, no sensitive data is stored on the client side, and data retention policies are reviewed regularly.

Access Controls

We enforce strict access controls across our organization: principle of least privilege applied to all systems, multi-factor authentication (MFA) required for all team members, regular access reviews, and immediate access revocation upon team member departure.

Incident Response

We maintain a defined incident response plan including 72-hour breach notification in compliance with GDPR requirements, prompt notification to all affected parties, and post-incident review for every event.

Vendor Security

All third-party vendors are assessed for their security posture before onboarding. Data Processing Agreements (DPAs) are in place with all data processors. Vendors are reviewed on a recurring basis.

Responsible Disclosure

We value the security research community. If you discover a vulnerability in our systems, please contact us at hello@marotino.com. We commit to acknowledging your report within 48 hours and will not pursue legal action against good-faith security researchers.

Accessibility

Our Commitment

We strive to make our website and services accessible to everyone, including people with disabilities. Accessibility is not an afterthought — it is an integral part of how we design and develop our products.

Standards

We target WCAG 2.1 Level AA compliance across our digital properties. This internationally recognized standard ensures our content is perceivable, operable, understandable, and robust for all users.

What We Do

Our accessibility efforts include semantic HTML, ARIA labels where needed, full keyboard navigation support, sufficient color contrast ratios, responsive design, descriptive alt text on all meaningful images, and focus management for dynamic content.

Accessibility Feedback

If you encounter any accessibility barriers while using our website or services, please contact us at hello@marotino.com. We take all feedback seriously and will work to address reported issues promptly.

Contact Us

If you have questions about our security practices or accessibility efforts, please reach out to the appropriate team below.

Security inquiries: hello@marotino.com

Accessibility feedback: hello@marotino.com