Security & Privacy
How marql handles your business data
Read-only access to your systems. Data stored in the EU on AWS. Encrypted in transit and at rest. Your data is never written back to your POS or sold to third parties.
For compliance documentation, DPA agreements, or specific security requirements, contact [email protected].
Core security principles
Read-only access
marql connects to your POS, accounting, and ERP systems with read-only credentials. We never write back to your source systems, modify your records, or change any configuration in your existing stack.
Encrypted in transit and at rest
All data in transit between your systems and marql is encrypted using TLS. Data stored in our platform is encrypted at rest using industry-standard encryption.
EU data storage
Your data is stored on AWS infrastructure in the EU (Stockholm, eu-north-1 region). We do not transfer your business data outside the European Union.
Isolated per organisation
Each organisation's data is logically isolated. Your data is not accessible to other organisations on the platform. Enterprise plans include a dedicated database option for physical isolation.
You control access
Role-based access means you decide who in your organisation sees which data. Owners see all stores; store managers see only their location. Access is configured once and enforced automatically.
No data sold, no ad tracking
We do not sell your data to third parties and we do not use advertising or tracking cookies. Session cookies are used strictly for authentication.
What "read-only" means in practice
When marql connects to your POS, accounting, or ERP system, the connection uses read-only credentials — an API key or export access that grants viewing permission only. marql has no ability to:
- Create, update, or delete transactions in your POS
- Modify invoices, records, or entries in your accounting system
- Change prices, products, or any configuration in connected systems
- Access data beyond what is needed to produce operational views
Your source systems — POS, accounting, ERP — continue to operate exactly as before. marql reads from them; nothing else changes. If you disconnect a source at any time, the read access is revoked immediately.
How your data flows through the platform
For transparency, here is what happens to your data at each stage of the marql pipeline:
For a full technical diagram of the data flow from your POS to the briefing, see the data flow page.
Infrastructure and hosting
marql runs on AWS infrastructure in the EU (Stockholm, eu-north-1 region). Your business data is not transferred outside the European Union. We use Railway and AWS for hosting and do not operate our own physical data centres.
- Cloud provider: AWS (Amazon Web Services)
- Data region: EU — Stockholm (eu-north-1)
- Encryption in transit: TLS (all connections)
- Encryption at rest: Industry-standard, enabled by default
- Data transfers outside EU: None for business data
- Infrastructure provider (hosting): Railway / AWS, data stored in EU
Enterprise: dedicated database
Standard plans use logical data isolation — your organisation's data is separated from others at the application and database level. For networks with specific data governance requirements, the Enterprise plan includes a dedicated database or isolated infrastructure option, where your data is physically separate from other organisations' data.
Enterprise plans also include SLA agreements and custom data retention terms. For Enterprise security requirements, contact [email protected] or see the Enterprise plan details.
GDPR and your data rights
marql operates under GDPR for organisations and users in the European Economic Area. You have the right to access, correct, or delete your personal data at any time.
- Request a copy of the personal data we hold about you
- Request correction of inaccurate personal data
- Request deletion of your account and associated data
- Object to processing or request restriction
- Request a Data Processing Agreement (DPA) for your organisation
To exercise any of these rights or to request a DPA, contact [email protected]. Full details are in the Privacy Policy.
Third-party services
We use a limited set of sub-processors. The following third-party services may handle data as part of the marql platform:
We do not sell personal data or business data to any third party. We do not use advertising networks.
Security questions
DPA, compliance documentation, or specific requirements?
For Data Processing Agreements, penetration test reports, security questionnaires, or enterprise compliance discussions, contact our privacy team directly.